CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

• http://www.securityfocus.com/bid/84213
• http://www.securitytracker.com/id/1035097
• https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
• https://us-cert.cisa.gov/ics/advisories/icsa-20-287-03
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.tenable.com/security/tns-2019-08

CVSS: 2.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

• http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.3 | EPSS: 1% | CPEs: 2 | EXPL: 0

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.

• http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
• http://secunia.com/advisories/29549
• http://securitytracker.com/id?1019735
• http://www.securityfocus.com/bid/28533
• http://www.vupen.com/english/advisories/2008/1049
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41558
• CWE-94: Improper Control of Generation of Code ('Code Injection')