Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
CVE-2007-5660
- No confirmed exploitation signals yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- —
- EG Score
- 0.0(none)
- EPSS
- 98.3%
- KEV
- Not listed
Published
November 2, 2007
Last Modified
April 23, 2026
References (20)
- cve@mitrehttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
- cve@mitrehttp://osvdb.org/38347
- cve@mitrehttp://secunia.com/advisories/27475
- cve@mitrehttp://support.installshield.com/kb/view.asp?articleid=Q113020
- cve@mitrehttp://support.installshield.com/kb/view.asp?articleid=Q113602
- cve@mitrehttp://www.macrovision.com/promolanding/7660.htm
- cve@mitrehttp://www.securityfocus.com/bid/26280
- cve@mitrehttp://www.securitytracker.com/id?1018881
- cve@mitrehttp://www.vupen.com/english/advisories/2007/3670
- cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/38210
- af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618
- af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/38347
- af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27475
- af854a3a-2127-422b-91ae-364da2661108http://support.installshield.com/kb/view.asp?articleid=Q113020
- af854a3a-2127-422b-91ae-364da2661108http://support.installshield.com/kb/view.asp?articleid=Q113602
Publicly available exploits
(4 references)Working exploit code is in the public domain (2 Metasploit modules) (2 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-16602✓ verifiedFirst seen Sep 20, 2010
Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)
Open source ↗ - Exploit-DBEDB-16573✓ verifiedFirst seen May 9, 2010
Macrovision Installshield Update Service - Remote Buffer Overflow (Metasploit)
Open source ↗ - Metasploitexploit/windows/browser/macrovision_downloadandexecute✓ verifiedFirst seen Oct 31, 2007
Macrovision InstallShield Update Service Buffer Overflow
Open source ↗ - Metasploitexploit/windows/browser/macrovision_unsafe✓ verifiedFirst seen Oct 20, 2007
Macrovision InstallShield Update Service ActiveX Unsafe Method
Open source ↗
Frequently asked(4)
What is CVE-2007-5660?
When was CVE-2007-5660 disclosed?
Is CVE-2007-5660 actively exploited?
How do I remediate CVE-2007-5660?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2007-5660
Is Your Infrastructure Affected by CVE-2007-5660?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.