Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability

Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability

Acresso FLEXnet Connect is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of files obtained from update servers. The product has been formerly available as Macrovision FLEXnet Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet functionality may also be vulnerable.