CVE-2007-6744 - Vulnerability Details - OpenCVE

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flexerasoftware	Installshield

Configuration 1 [-]

OR	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield::::::::
	cpe:2.3:a:flexerasoftware:installshield:10.5:::::::*
	cpe:2.3:a:flexerasoftware:installshield:11:::::::*
	cpe:2.3:a:flexerasoftware:installshield:11.5:::::::*

No data.

References

Link	Providers
http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-01-19T19:00:00Z

Updated: 2024-09-16T18:34:12.715Z

Reserved: 2011-10-18T00:00:00Z

Link: CVE-2007-6744

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-01-19T19:55:00.927

Modified: 2024-11-21T00:40:54.320

Link: CVE-2007-6744

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-01-19T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42", "refsource": "CONFIRM", "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6744", "datePublished": "2012-01-19T19:00:00Z", "dateReserved": "2011-10-18T00:00:00Z", "dateUpdated": "2024-09-16T18:34:12.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "8566174D-59AF-4C0E-8E35-108A9EFB0CA3", "versionEndIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "536BAE00-FD82-4C61-968D-E519BEC218E3", "versionEndIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4C3AD63-0900-4E4C-8168-7EA6EF531120", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "98FE9015-2B87-4FD8-B47A-0B76EF004DCC", "versionEndIncluding": "12", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B50640A-BEB4-4ADB-B6D8-E3E6B479E944", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:11:*:*:*:*:*:*:*", "matchCriteriaId": "D22D8E16-662D-4F38-BB02-022B8E9D9969", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:installshield:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "CB19FC75-3FE9-4EC7-8DDB-0E2DC1ACB944", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."}, {"lang": "es", "value": "Macrovision InstallShield Flexera antes de v2008 env\u00eda una contrase\u00f1a de firma digital a una aplicaci\u00f3n no deseada durante determinadas operaciones en las que participan ficheros .spc y .pvk, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados. Se trata de un problema relacionado con una interacci\u00f3n incorrecta entre InstallShield y Signcode.exe."}], "id": "CVE-2007-6744", "lastModified": "2024-11-21T00:40:54.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-19T19:55:00.927", "references": [{"source": "cve@mitre.org", "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}