InstallShield Issues and BorderManager Vulns

Macrovision InstallShield Update Service contains an insecure method vulnerability. InstallShield contains an ActiveX control that is marked safe for scripting. An attacker could leverage the update service to download and install malicious software. Due to the fact that it is marked safe for scripting, this could be exploited by a malicious web site or a downloaded application. The following ActiveX control should be disabled so that Internet Explorer will not load the control.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9880553-B8A7-4960-A668-95C68BED571E}]

“Compatibility Flags”=dword:00000400

The updated versions of FlexNet and InstallShield products will not be marked safe for scripting.

Additionally, Novell Border Manager Client is vulnerable to a remote heap-based buffer overflow. The vulnerability exists within the Client Trust Application and can be exploited by sending a specially crafted packet to the application. Successful exploitation could result in the exploitation of arbitrary code. The vulnerability is reported in Novell BorderManager 3.8.