Description

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.

INFO

Published Date :

2025-01-30T17:41:55.526Z

Last Modified :

2025-02-12T17:03:46.935Z

Source :

flexera
AFFECTED PRODUCTS

The following products are affected by CVE-2023-29080 vulnerability.

Vendors Products
Revenera
  • Installshield
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-29080.

URL Resource
https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability