Macrovision patches patch-delivery tool, leaves DRM zero-day wide open

Summary:Macrovision today released a patch for a very severe vulnerability in the FLEXnet Connect (InstallShield) patch-delivery offering but there's still no word on a fix for a zero-day attack vector in the company's Safedisc DRM application.

Macrovision patches patch-delivery tool, leaves DRM zero-day wide open
Macrovision today released a patch for a very severe vulnerability in the FLEXnet Connect (InstallShield) patch-delivery offering but there's still no word on a fix for a zero-day attack vector in the company's Safedisc DRM application.

FLEXnet Connect, which lets users electronically deliver applications, patches, updates, and messages directly to third-party systems, has been updated to correct an ActiveX issue that could lead to code execution attacks.

[ SEE: Zero-day flaw in Macrovision DRM app under attack ]

A warning from iDefense spells out the risk scenario:

Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged-in user. In order for exploitation to occur, users would be required to have a vulnerable version of the software installed and be lured to a malicious site. Even though the update control does display an interface, no additional interaction is required in order for exploitation to occur.

Since this control is marked "safe for scripting", it can be launched from a web page without warning dialogs. While it is possible for an alert user to determine what is occurring and cancel the installation, the window of opportunity is small and based solely upon the time required for the system to complete the download.

Macrovision InstallShield Update Service versions 5.01.100.47363 and 6.0.100.60146 are confirmed vulnerable . Previous versions are also suspected to be at risk, iDefense said.

Patches are available for download at Macrovision's FLEXnet Connect site.

Macrovision patches patch-delivery tool, leaves DRM zero-day wide open
Meanwhile, Windows users are still waiting for a known -- and under attack --- flaw affecting the Macrovision Safedisc (secdrv.sys) DRM scheme.

That vulnerability, which affects default installations of Windows XP and Windows 2003, can be exploited to overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges.

Proof-of-concept exploit code (.zip file) for the Safedisc issue is already in circulation. A functional exploit is commercially available through the CORE IMPACT and Immunity Canvas penetration testing platforms.

There is a strong likelihood that the Macromedia Safedisc patch will be bundled with Microsoft's updates on Patch Tuesday next month (November 13, 2007).

Topics: Hardware, Mobility, Operating Systems, Security, Software, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.