This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of Macrovision InstallShield Update Service ActiveX control.
The Macrovision InstallShield Update Service ActiveX control is a web-based software-updating component commonly installed with Macrovision InstallShield and FLEXnet software.
InstallShield Update Service (CLSID: E9880553-B8A7-4960-A668-95C68BED571E) is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied data. These issues affect several unspecified methods within the 'isusweb.dll' library.
Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer).
These issues affect InstallShield Update Service 5.01.100.47363 and 126.96.36.199146.
- Macrovision FLEXnet Connect
- Macrovision InstallShield 2008
- Macrovision Update Service 3.0, 4.0, 5.0, 5.1.100 47363, 6.0.100 60146
The vendor has released advisories and updates that address these issues. Please see the references for more information.