Macrovision patches patch-delivery tool, leaves DRM zero-day wide open

Macrovision patches patch-delivery tool, leaves DRM zero-day wide open

Summary: Macrovision today released a patch for a very severe vulnerability in the FLEXnet Connect (InstallShield) patch-delivery offering but there's still no word on a fix for a zero-day attack vector in the company's Safedisc DRM application.

SHARE:

Macrovision patches patch-delivery tool, leaves DRM zero-day wide openMacrovision today released a patch for a very severe vulnerability in the FLEXnet Connect (InstallShield) patch-delivery offering but there's still no word on a fix for a zero-day attack vector in the company's Safedisc DRM application.

FLEXnet Connect, which lets users electronically deliver applications, patches, updates, and messages directly to third-party systems, has been updated to correct an ActiveX issue that could lead to code execution attacks.

[ SEE: Zero-day flaw in Macrovision DRM app under attack ]

A warning from iDefense spells out the risk scenario:

Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged-in user. In order for exploitation to occur, users would be required to have a vulnerable version of the software installed and be lured to a malicious site. Even though the update control does display an interface, no additional interaction is required in order for exploitation to occur.

Since this control is marked "safe for scripting", it can be launched from a web page without warning dialogs. While it is possible for an alert user to determine what is occurring and cancel the installation, the window of opportunity is small and based solely upon the time required for the system to complete the download.

Macrovision InstallShield Update Service versions 5.01.100.47363 and 6.0.100.60146 are confirmed vulnerable . Previous versions are also suspected to be at risk, iDefense said.

Patches are available for download at Macrovision's FLEXnet Connect site.

Macrovision patches patch-delivery tool, leaves DRM zero-day wide openMeanwhile, Windows users are still waiting for a known -- and under attack --- flaw affecting the Macrovision Safedisc (secdrv.sys) DRM scheme.

That vulnerability, which affects default installations of Windows XP and Windows 2003, can be exploited to overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges.

Proof-of-concept exploit code (.zip file) for the Safedisc issue is already in circulation. A functional exploit is commercially available through the CORE IMPACT and Immunity Canvas penetration testing platforms.

There is a strong likelihood that the Macromedia Safedisc patch will be bundled with Microsoft's updates on Patch Tuesday next month (November 13, 2007).

Topics: Hardware, Mobility, Operating Systems, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Sue the parasite

    Macrovision is parasite company with no legal business model (except then they got installsheild and sadly now i am worry each i install a software using it, as who know what kind of illegal software is installed by the shady macrovision at the same time.) and this flaw in illegal DRM scam should be the perfect oportunity to sue macrovision for deliverying (agains most user will) a dangerous piece of maleware.
    Mectron
    • You made a *slight under-estimate*

      "...this flaw in illegal DRM scam should be the perfect oportunity to sue macrovision for deliverying (agains most user will) a dangerous piece of maleware."

      I think you'll find that if *all* users knew what this entails, then it would be *against the will of all users*. I can't see any rational and logical person ever openly wanting an accepted piece of malware installed on their system(s).

      Grammar aside - you raised some interesting issues. Great stuff!

      Regards. :^)
      thx-1138_
  • Macro-patch...... Micro-patch

    What's the difference? It's all a
    crap-patch.
    Ole Man