(cache) Q113602 INFO: FLEXnet Connect 6.0 Security Patch


	Macrovision Knowledge Base

INFO: FLEXnet Connect 6.0 Security Patch

Document ID: Q113602
Last Revised On: Tuesday, October 30, 2007

This article applies to the following:
Product(s):
Update Service 2.x
Update Service 3.x
Update Service 4.x
Update Service 5.x
FLEXnet Connect 6

Operating System(s): All Windows

Summary

On October 8th, 2007, Macrovision® was notified of a vulnerability disclosure outlining the presence of a “Safe for Scripting” issue. This issue potentially causes vulnerabilities in the FLEXnet Connect® client, including a possible buffer overflow.

At Macrovision, providing our customers with the most secure solutions has always been a top priority, and we have released a patch to solve this problem based on version 6.0 of the FLEXnet Connect client for Microsoft Windows. This does not affect the FLEXnet Connect Universal Client, or any versions starting with 6.1.

Discussion

To download and install the patch:

If you are an InstallShield® or AdminStudio® customer, the patch will be made available to you as an update to InstallShield and AdminStudio through FLEXnet Connect. Please download and install it from there.

Alternatively, you can download and install the patch from this location: http://saturn.installshield.com/isus/600/update/setup.exe

To verify your FLEXnet Connect Agent has the security fix applied:

In Windows Explorer, locate Agent.exe. For users of FLEXnet Connect 6.0 and earlier, Agent.exe will be located in: c:\program files\common files\installshield\updateservice\.
Right-click on Agent.exe and click Properties . Then click the Version tab and verify that Agent.exe is version 6.0.100.65101 or higher.

Note: For users of FLEXnet Connect 6.1 and later, Agent.exe already includes this security fix.

INFO: FLEXnet Connect 6.0 Security Patch

Summary

Discussion

How Can We Improve This KB Article?