Some vulnerabilities have been reported in Macrovision products, which can be exploited by malicious people to compromise a user's system.

1) Unspecified insecure methods provided by the Update Service ActiveX control (isusweb.dll) can be exploited to e.g. download and execute arbitrary programs.

The vulnerability is reported in versions 5.01.100.47363 and 6.0.100.60146 of the Update Service ActiveX control. Other versions may also be affected.

2) A boundary error within the Update Service ActiveX control (isusweb.dll) when handling the "DownloadAndExecute()" method can be exploited to cause a buffer overflow via an overly long "ProductCode" argument.

The vulnerability is reported in version 5.01.100.47363 of the Update Service ActiveX control. Other versions may also be affected.

3) An unspecified error within the Update Service ActiveX control (isusweb.dll) when handling certain URLs passed to the "ExecuteRemote()" method can be exploited to cause a memory corruption via an URL causing a server to return a 404 error.

Solution
Apply updates (see vendor's advisory for details).
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Discovered by an anonymous researcher and reported via iDefense Labs.
2) Elazar Broad
3) US-CERT credits Brian Dowling, Simplicity Communications

Changelog
Further details available to Secunia VIM customers

Original Advisory
Macrovision:
http://www.macrovision.com/promolanding/7660.htm
http://support.installshield.com/kb/view.asp?articleid=Q113020
http://support.installshield.com/kb/view.asp?articleid=Q113602

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=618

US-CERT:
http://www.kb.cert.org/vuls/id/630017

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available to Secunia VIM customers