Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: RE: Macrovision Update Service ActiveX Control 1.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Macrovision
And, this specific program:
Macrovision Update Service ActiveX Control 1.x

This thread has been marked as locked.
bobbycow RE: Macrovision Update Service ActiveX Control 1.x
Member 11th Mar, 2014 14:40
Ranking: 0
Posts: 13
User Since: 1st Feb, 2012
System Score: N/A
Location: UK
Hi Maurice - hope you're out there!

Saw you answered one like this yesterday but mine hasn't gone away -yet.
(I also have the persistent Real Player nag - I have the latest 16 downloaded but they won't let me download the Cloud version. But anyway -

Secunia is telling me Macrovision is end of life and I should uninstall it
I was initially unable to find it anywhere - it's not on control panel or under Program Files but I found it using your method
This service seems to be called various things and as far as I can make out is a service used by non-MS programs to install programs that interact with MS and is said to be extremely widespread - accordingly removal is cautioned against but I have not come across any reference apart from Secunia to its being discontinued
Macrovision now seems to be Rovi but I can't find reference to the Active X control
I have searched the Rovi site but can find no reference to Active X, InstallShield, etc there
All very unsatisfactory unless I am missing something - maybe you can shed some light Maurice - here's a screen grab - for some reason won't work!

C: Windows/DownloadedProgram Files - there are 3
InstallShield Update Service Web isusweb.dll 1.20.100.1203
InstallShield Update Service Setup dwusplay.dll 1.20.100.1203
InstallShield Service Update Setup dwusplay.exe Install Shield Software Corporation

I note the other post mentions 6.0 but mine is 1.0 and has obviously not been updated since I guess 2002 - Secunia has obviously missed this previously on my machine.
I cannot locate the reference Secunia is making and I have tried! Just the statement that this program is discontinued.

Many thanks
Des



tshoust RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 11th Mar, 2014 15:30
Score: 0
Posts: 1
User Since: 7th Mar 2010
System Score: N/A
Location: N/A
Same problem, showed up yesterday, Macrovision Update Service ActiveX Control 3.x - can't get rid of it.

Program Name: Macrovision Update Service ActiveX Control 3.x

Security State:
End-of-Life

Download Link:

Instances Found:
C:\Windows\Downloaded Programs Files\isusweb.dll, version: 3.20.100.1123

Last System Scan (localtime):
10. Mar 2014, 15:46

Operating System:
Microsoft Windows Vista

I am reluctant to dig too deep to get rid of this updates service, and I am concerned that it might damage InstallShield which also comes in handy for uninstalling some older programs.
Was this reply relevant?
+0
-0
Maurice Joyce RE: RE: Macrovision Update Service ActiveX Control 1.x
Handling Contributor 11th Mar, 2014 21:53
Score: 11799
Posts: 9,040
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 11th Mar, 2014 22:00
Des,
Is the Active X present & enabled in the browser?

Open IE> tools>Manage Add-ons>Toolbars & Extensions

Still looking for a link to get the latest version - "needle in a haystack" job as many links on their website return a 404 error.

EDIT

If you wish to post a screenshot in the future it is a fairly easy procedure:

POSTING A SCREEN SHOT TO THE FORUM

To post a screen shot to the Forum you need to:

1. Capture the image by using a programme such as:
a. Microsoft Paint - details here if unsure how it is done.
http://www.wikihow.com/Take-a-Screenshot-in-Micros...
b. Microsoft One Note
c. Microsoft Snippet (Windows 8.1,8,7 & Vista)
d. Any third party equivalent programme like these:
http://www.thewindowsclub.com/free-screen-capture-...

2. Save the image to an online repository such as Microsoft OneDrive or a third party programme like Dropbox https://www.dropbox.com/

3. Post the hyperlink to the stored online image to the Forum. Use CTRL+C to copy & CTRL+V to post to the Forum.

I have posted to the other thread you joined about RealPlayer.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
drboyles RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 11th Mar, 2014 22:21
Score: 0
Posts: 1
User Since: 11th Mar 2014
System Score: N/A
Location: US
I have the same issue.

c:\windows\downloaded program files\isusweb.dll
v1.20.100.1203
Was this reply relevant?
+0
-0
TonyB. RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 11th Mar, 2014 22:40
Score: -34
Posts: 38
User Since: 1st Nov 2013
System Score: N/A
Location: US
Last edited on 11th Mar, 2014 22:42
having same issue with no way to remove it i have versions 5 times and 6 times with no uninstall version 5 times list it as being in folder C:\Windows\Downloaded Program Files but when i double click to go there, it seams to be a empty folder bizarre. version 6 times is in folder C:\ProgramData\Macrovision\FLEXnet Connect\6 with no uninstall nether of these active x controls list as being in IE or active what do i do how do i remove it and i did not even know i had this program. but it seams they have been on my system since 2012 or more. edit this seams to be install a shield program is this not part of windows ? or some sort of updater someone help.
Was this reply relevant?
+0
-1

TonyB.

RE: RE: Macrovision Update Service ActiveX Control 1.x
[+]
This reply has been minimised due to a negative Relevancy Score.
bobbycow RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 12th Mar, 2014 01:07
Score: 0
Posts: 13
User Since: 1st Feb 2012
System Score: N/A
Location: UK
Hi Maurice
Yes Active X is enabled and present in IE - I keep this updated although I don't actually use IE myself but I often have to update it manually as it doesn't get done automatically
Thank you for the account of how to do the screen shot transfer - I hadn't realized that was how it was done, so very useful
Just an idle thought, and you must have a much better picture, as being fairly OCD I never know where the median lies, but when the program throws up these fairly decisive dictats about program ends, and as investigating them is a moderate hassle if you're not obsessional, I wonder how many users either ignore the dictat and carry on, just junk the program regardless or where the median does lie, and whether any damage ensues as a result? Or do people with OCD just waste a lot of their and your time?! It just seems that when presented with the same information people may choose to do very different things - as in so many walks of life, and it might be interesting to know what in fact people do in fact do?
Was this reply relevant?
+0
-0

TonyB.

RE: RE: Macrovision Update Service ActiveX Control 1.x
[+]
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: RE: Macrovision Update Service ActiveX Control 1.x
Handling Contributor 12th Mar, 2014 10:22
Score: 11799
Posts: 9,040
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Des,
As an interim measure I would disable the ActiveX for Macrovision in the browser.

Having written to Secunia Support I am hopeful they will comment on this thread about the ActiveX issue. It is interesting how this has just become a "problem" - old ActiveX have been vulnerable for years.

Unsure which version of IE you are using but they are kept up to date by Microsoft via Windows Update. Under normal(default) conditions this will automatically occur on the 2nd & 4th Tuesday of each month. In addition IE11 is set by to auto update itself on a permanent basis:

https://1ncuig.bn1302.livefilestore.com/y2peSGp6ki...

I will respond to your other interesting question/observation after the Secunia Support posting.

Hope this helps.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
bobbycow RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 12th Mar, 2014 12:38
Score: 0
Posts: 13
User Since: 1st Feb 2012
System Score: N/A
Location: UK
Thanks for the suggestion Maurice
Thinking about it it may be that I pre-empt the MS updates because I see the lead-ins about coming updates and think I should have them already - I'm not known for my patience and my paranoia about security probably is getting the better of me.
I await developments with interest
Was this reply relevant?
+0
-0
nigeld1 RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 12th Mar, 2014 16:50
Score: 0
Posts: 3
User Since: 12th Mar 2014
System Score: N/A
Location: UK
I have the same problem as detailed above. The scan tells me that "Macrovision Update Service ActiveX control 1.x is unable to be updated because it has reached the end of its life.

The file is located at :-

C:\Windows\Downloaded Program Files\isusweb.dll.
Version 1.20.100.1203.

I look forward to seeing further information on the subject.
Was this reply relevant?
+0
-0
ConnieB RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 12th Mar, 2014 17:00
Score: 1
Posts: 1
User Since: 12th Mar 2014
System Score: N/A
Location: US
I had the same problem this morning after I applied Windows updates.

http://tinypic.com/r/2zfpg2g/8

--
Win 8.1
HP AMD-A6 x64
Was this reply relevant?
+1
-0
levensonjb RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 13th Mar, 2014 00:56
Score: 0
Posts: 1
User Since: 12th Mar 2014
System Score: N/A
Location: US
Same as ConnieB -- warning showed up after updating Windows with monthly security updates.
Was this reply relevant?
+0
-0
cbm128 RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 13th Mar, 2014 09:54
Score: 2
Posts: 2
User Since: 19th Mar 2009
System Score: N/A
Location: N/A
Here is what I did:
In WinXP, "C:\WINDOWS\Downloaded Program Files" is a special folder. I cannot see the files in it with Windows Explorer.
I found the isusweb.dll file by using the "dir" command in a command prompt window.
Then, I renamed the file by using the following command:
ren isusweb.dll isusweb.dll.old

The volnurability in Secunia PSI was removed.

When something in the future will not work properly, I'll re-install, hopefully with a newer, better, safer version of isusweb.dll
Was this reply relevant?
+2
-0
nigeld1 RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 13th Mar, 2014 15:20
Score: 0
Posts: 3
User Since: 12th Mar 2014
System Score: N/A
Location: UK
Presumably, if a programme needs Installshield to install itself - it will give you this facility anyway, so no danger in doing what you've done?
Was this reply relevant?
+0
-0

TonyB.

RE: RE: Macrovision Update Service ActiveX Control 1.x
[+]
This reply has been minimised due to a negative Relevancy Score.
Canon09 RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 14th Mar, 2014 14:56
Score: 3
Posts: 7
User Since: 25th Aug 2010
System Score: N/A
Location: N/A
My Secunia says that "Macrovision Update Service ActiveX Control 3.x" is END OF LIFE! What do I dooooooo????

Has a solution been found? If so, what is it??
Was this reply relevant?
+0
-0
nigeld1 RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 14th Mar, 2014 15:07
Score: 0
Posts: 3
User Since: 12th Mar 2014
System Score: N/A
Location: UK
I tried the renaming as suggested and tried by cbm128 - it worked a treat.
Was this reply relevant?
+0
-0
Moonwink RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 15th Mar, 2014 18:37
Score: 1
Posts: 14
User Since: 26th Nov 2009
System Score: N/A
Location: US
There's not much help here in resolving this problem but here's more background about it:


https://secunia.com/community/advisories/27475

Secunia Advisory SA27475 Release Date: 2007-11-01 Last Update: 2009-05-07

Where: From remote
Impact: System access
Solution Status: Vendor Patch

Software:
Macrovision AdminStudio
Macrovision FLEXnet Connect 6.x
Macrovision InstallShield 2012
Macrovision Update Service 1.x
Macrovision Update Service 2.x
Macrovision Update Service 3.x
Macrovision Update Service 4.x
Macrovision Update Service 5.x
Macrovision Update Service 6.x
Macrovision Update Service ActiveX Control 1.x
Macrovision Update Service ActiveX Control 2.x
Macrovision Update Service ActiveX Control 3.x
Macrovision Update Service ActiveX Control 4.x
Macrovision Update Service ActiveX Control 5.x
Macrovision Update Service ActiveX Control 6.x

CVE Reference(s):
CVE-2007-5660
CVE-2007-6654
CVE-2008-2470




http://www.kb.cert.org/vuls/id/630017

Solution: Apply an update

This issue is addressed in the FLEXnet Connect 6.0 Security Patch, which is available in the Acresso support document Q113020. This update removes the "Safe for Scripting" setting of the vulnerable control, which prevents the control from being scripted by Internet Explorer. Because the vulnerable control may be provided to end-users who do not have the FLEXnet Connect SDK installed, please consider the following workarounds:


Disable the Update Service Agent ActiveX control in Internet Explorer

The vulnerable ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:

{E9880553-B8A7-4960-A668-95C68BED571E}

More information about how to set the kill bit is available in Microsoft Support Document 240797 [http://support.microsoft.com/kb/240797]. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9880553-B8A7-4960-A668-95C68BED571 E}]
"Compatibility Flags"=dword:00000400

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.
Was this reply relevant?
+0
-0
Maurice Joyce RE: RE: Macrovision Update Service ActiveX Control 1.x
Handling Contributor 16th Mar, 2014 00:44
Score: 11799
Posts: 9,040
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Des,
I noted you have taken on the RealPlayer issue on another thread. Sadly Secunia Support have also failed to respond to my email or post to the various threads I asked them to comment on.

Although I do not have anything Macrovision on any of my PC's I have done a little more research in the hope it may help you.

1. The file isusweb.dll is not native to Windows therefore any action taken will not break it. It belongs to a PROGRAMME(S) on your system that has used Installshield to install it & once installed keep "an eye" on it for update changes etc. For this reason Secunia do not give a link to the vendor because it could be one of many - for example, Aconis who use InstallShield.

2. Searching for Macrovision as a home user is fruitless. Macrovision split & sold its assets as follows:

a. Part was sold to Rovi (DRM Element) which has nothing to do with this issue.

b. The bit that covers this problem (including FLEXNet) is now owned by Flexera (formerly Acresso) who confirm that the service is EOL

https://1ncuig.bn1304.livefilestore.com/y2ptKZ_vGm...

c. The product link supplied by Secunia for those reporting the same issue with FLEXNet is a false trail - https://secunia.com/advisories/product/13552/
- it creates a 404 error from the Rovi site - as previously stated Rovi has nothing to do with it.

I think & hope you have already disabled isusweb.dll in your browser as previously advised?

As an added measure you can/should rename your files. Just navigate to:

c:\Windows\Downloaded Program Files

InstallShield Update Service Web isusweb.dll 1.20.100.1203
InstallShield Update Service Setup dwusplay.dll 1.20.100.1203
InstallShield Service Update Setup dwusplay.exe

Right click on each one & select rename - now add .OLD against each file.Example - isusweb.dll.OLD

A full rescan with PSI should clear the EOL notification. This action is fully reversible if Secunia declare it a false positive or the programme(s) it/they support throws a wobbly (unlikely).

Hope this helps until Secunia respond.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
Cyberpunk RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 16th Mar, 2014 21:10
Score: 5
Posts: 5
User Since: 7th Jan 2011
System Score: N/A
Location: BE
Last edited on 16th Mar, 2014 21:12
I got the warning about Macrovision Update Service ActiveX Control 3.x. Added .OLD to the three files in C:\Windows\Downloaded Program Files and "solved" the problem.

I do not have a folder C:\ProgramData\Macrovision\FLEXnet Connect\, but I have this folder: C:\ProgramData\InstallShield\UpdateService\Data base.

I also have some information I haven't seen in this thread. I have LaCie Backup Software 1.7.2893.17457 installed and it was this software that installed Program Updates (InstallShield Update Manager). It can be accessed through Control Panel > Program Updates.

Screenshots (in Dutch):

http://oi62.tinypic.com/2pyyfdi.jpg

http://oi61.tinypic.com/2wgdmae.jpg

I hope this helpes somewhat...

--
Win7 Home Premium x64 SP1, AMD A8-3870K Black Edition Quad-Core APU,
8 GiB RAM, Page File: 7,98 GiB, NTFS, Video adapter: ASUS Radeon HD 5450
(512MiB GDDR3), Screen: LCD 1440x900x75Hz
Was this reply relevant?
+0
-0
Patrick.B RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 17th Mar, 2014 03:55
Score: 0
Posts: 12
User Since: 8th Dec 2008
System Score: N/A
Location: N/A
Thanks. That worked. I opened a CMD prompt by finding it under All Programs > Accessories, then right-clicking it and selecting to Run as Administrator..

Once there"

CD C:\Windows\Downlo~1
RENAME isusweb.dll isusweb.dllOLD

: Done
Was this reply relevant?
+0
-0
TonyB. RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 19th Mar, 2014 00:02
Score: -34
Posts: 38
User Since: 1st Nov 2013
System Score: N/A
Location: US
I have version 5 and 6 version 5 is not listed were Secunia is telling me it is and i have find hidden files on its telling me it's in c:\Windows\Downloaded Program Files\isusweb.dll i can find the version 6 i know were it is but its not active as none of these show in IE 11 on windows 8.1 as even being in there. So why is it flagging version 5 when it is clearly not on my PC??????????
Was this reply relevant?
+0
-0
adfehrfp RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 23rd Mar, 2014 22:49
Score: 0
Posts: 1
User Since: 23rd Mar 2014
System Score: N/A
Location: US
i already deleted the files in the downloaded programs folder so i cannot go back and rename them but i am still getting the secunia EOL flag in my re-scan
Was this reply relevant?
+0
-0
Moonwink RE: RE: Macrovision Update Service ActiveX Control 1.x
Member 24th Mar, 2014 04:25
Score: 1
Posts: 14
User Since: 26th Nov 2009
System Score: N/A
Location: US
With my Windows 8.1 installation, I could not get to a "privileged" command prompt until I created a shortcut to CMD.EXE in C:\Windows\System 32 on my (Classic Shell) desktop. I edited the shortcut so it always "Runs as Administrator". Then after launching CMD, I was able to change directory to C:\Windows\Downloaded Programs Files\ and rename the file using this syntax: C:\Windows\Downloaded Programs Files\ren isusweb.dll isusweb.dll.old

Almost immediately afterward, PSI sensed the change and showed me with a 100% Secunia System Score again.

It seems like Secunia should have addressed this post well before now. I'm very disappointed they have chosen to ignore our concerns.

Thank you to all those offering solutions to this irritating problem.
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer