CVE-2007-1009
First published: Thu Apr 19 2007(Updated: )
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zero G InstallAnywhere | =8 | |
| Zero G InstallAnywhere | =8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-1009?
CVE-2007-1009 is classified as a local privilege escalation vulnerability.
How do I fix CVE-2007-1009?
To mitigate CVE-2007-1009, ensure that you update Macrovision InstallAnywhere to version 8.0.1 or later.
Who is affected by CVE-2007-1009?
CVE-2007-1009 affects users of Macrovision InstallAnywhere Enterprise and Standard versions before 8.0.1.
What causes the vulnerability in CVE-2007-1009?
CVE-2007-1009 occurs due to the absence of integrity protection for the InstallScript.iap_xml configuration file.
Can CVE-2007-1009 be exploited remotely?
No, CVE-2007-1009 requires local access to exploit the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/macrovision
- canonical/zero g installanywhere
- version/zero g installanywhere/8