Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation in InstallShield
Vulnerability Description
Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.
CVSS Information
N/A
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
Revenera InstallShield 安全漏洞
Vulnerability Description
Revenera InstallShield(Flexera InstallShield)是Revenera公司的一个开发包。用于构建 Windows 安装程序和 MSIX 软件包。 Revenera InstallShield 2022 R2版本和2021 R2版本存在安全漏洞,该漏洞源于可写文件夹权限配置不当引发DLL劫持。
CVSS Information
N/A
Vulnerability Type
N/A