Summary
On October 8th, 2007, we were notified of a vulnerability disclosure outlining the presence of a ?Safe for Scripting? issue. This issue potentially causes vulnerabilities in the FlexNet Connect® client, including a possible buffer overflow.Synopsis
This article provides a patch that addresses a potential security vulnerability around the presence of a ?Safe for Scripting? issue. This issue potentially causes vulnerabilities in the FlexNet Connect® client, including a possible buffer overflow.
This patch applies to the FlexNet Connect Client for Microsoft Windows prior to version 6.0.100.65101. This does not affect the FlexNet Connect Universal Client, or any versions starting with 6.1.
Note: FlexNet Connect 6.0 has reached end of life. You can learn more about our latest release here. Thank you for using FlexNet Connect.
Discussion
If you are a FlexNet Connect customer, we recommend you deploy this patch as soon as possible to your customer base. To do so, please follow the steps below:
To deploy the patch to your customer base:
- Download the executable for this hotfix from http://saturn.installshield.com/isus/600/update/setup.exe
- Host the hotfix executable on your company's servers.
- Create and publish an update for your customers that delivers the hotfix executable.
NOTE: Remember to create a condition for the hotfix update to ensure that only users with Agents prior to version 6.0.100.65101 receive the update. For example:
- Uninstall the previous version of the FlexNet Connect SDK. The necessary files will not be updated if the new SDK is applied over an older version.
- Download and install the latest FlexNet Connect 6.0 SDK on your build system. The SDK can be downloaded here .
- Rebuild your application installer using the updated Windows Installer Merge Module.
NOTE: Updating your FlexNet Connect SDK ensures your new setups deploy an Agent that includes this security fix.