CVE-2023-29080 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or…
High CVSS: 8.5

CVE-2023-29080

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.
Vendor
-
Product
-
CWE
CWE-552
Yayın Tarihi
2025-01-30 18:15:28
Güncelleme
2025-01-30 18:15:28
Source Identifier
PSIRT-CNA@flexerasoftware.com
KEV Date Added
-

Kategoriler

CWE-552 HIGH 2025

Referanslar

https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp