Macrovision Knowledge Base

INFO: FLEXnet Connect 6.0 Security Patch

Document ID: Q113020
Last Revised On: Tuesday, October 30, 2007

This article applies to the following:
Product(s):
Update Service 3.x
Update Service 4.x
Update Service 5.x
FLEXnet Connect 6

Operating System(s): All Windows

Summary

On October 8th, 2007, Macrovision® was notified of a vulnerability disclosure outlining the presence of a “Safe for Scripting” issue. This issue potentially causes vulnerabilities in the FLEXnet Connect® client, including a possible buffer overflow.

At Macrovision, providing our customers with the most secure solutions has always been a top priority, and we have released a patch to solve this problem based on version 6.0 of the FLEXnet Connect client for Microsoft Windows. This does not affect the FLEXnet Connect Universal Client, or any versions starting with 6.1.


Discussion

If you are a FLEXnet Connect customer, we recommend you deploy this patch as soon as possible to your customer base. To do so, please follow the steps below:

To deploy the patch to your customer base:

  1. Download the executable for this hotfix from http://saturn.installshield.com/isus/600/update/setup.exe
  2. Host the hotfix executable on your company's servers.
  3. Create and publish an update for your customers that delivers the hotfix executable.
 
NOTE: Remember to create a condition for the hotfix update to ensure that only users with Agents prior to version 6.0.100.65101 receive the update.
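The condition in the NOTE above can be checked against an inventory of installed Agent versions. The following Python is an added example, not part of the Macrovision article or of FLEXnet Connect; the host names and most version strings are constructed, and only the fixed build 6.0.100.65101 comes from the article. It compares versions numerically, because a plain string comparison would rank 6.0.100.9999 above 6.0.100.65101 and skip a host that still needs the hotfix.

```python
import re

# Fixed Agent build named in the article's NOTE.
FIXED_BUILD = (6, 0, 100, 65101)

def parse_version(text):
    """Parse a Windows file version such as '6.0.100.65101' or
    '6, 0, 100, 65101' into a 4-tuple of ints (short versions are
    zero-padded). Raises ValueError for anything else."""
    parts = re.split(r"\s*[.,]\s*", text.strip())
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a file version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def needs_hotfix(agent_version):
    """True when the Agent is older than the fixed build."""
    return parse_version(agent_version) < FIXED_BUILD

def triage(inventory):
    """Split {host: version string} into (to_patch, ok, unparsed)."""
    to_patch, ok, unparsed = [], [], []
    for host, version in sorted(inventory.items()):
        try:
            (to_patch if needs_hotfix(version) else ok).append(host)
        except ValueError:
            # Unknown version: never assume the host is already fixed.
            unparsed.append(host)
    return to_patch, ok, unparsed

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "ws-01": "6.0.100.9999",      # older build; a string compare misses it
    "ws-02": "6.0.100.65101",     # the fixed build itself
    "ws-03": "5, 1, 100, 47363",  # comma-separated resource format
    "ws-04": "6.1.100.61372",     # 6.1 and later are not affected
    "ws-05": "unknown",           # unreadable version data
}

if __name__ == "__main__":
    patch, ok, bad = triage(SAMPLE)
    print("deploy hotfix :", patch)
    print("no action     :", ok)
    print("check manually:", bad)
```

Hosts whose version cannot be parsed are reported separately so they can be checked by hand.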
 
To bundle the new FLEXnet Connect client with your application:

  1. Please note that if Macrovision hosts your version of FLEXnet Connect, you don’t need to download and install the updated SDK. It has been done for you.
  2. Uninstall the previous version of the FLEXnet Connect SDK. The necessary files will not be updated if the new SDK is applied over an older version.
  3. Download and install the latest FLEXnet Connect 6.0 SDK on your build system. The SDK can be found at http://saturn.installshield.com/isus/600/windowssdk/flexnetconnectsdk.exe
  4. Rebuild your application installer using the updated Windows Installer Merge Module.

NOTE: Updating your FLEXnet Connect SDK ensures your new setups deploy an Agent that includes this security fix.


Additional Information

If you have a Macrovision support plan and have any questions about this patch, please contact Macrovision Support at installshieldsupport@macrovision.com or use the number provided in your maintenance package.


References

For more information on how to create an update in FLEXnet Connect, you can look here.

 

 

 


