2006-05-12 00:00:00
mitre
PUBLISHED
The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.