CVE-2023-29081 – InstallShield Symlink Vulnerability Affecting Suite Project Setups
https://notcve.org/view.php?id=CVE-2023-29081
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. Se ha informado de una vulnerabilidad en Suite Setups creadas con versiones anteriores a InstallShield 2023 R2. Esta vulnerabilidad puede permitir que los usuarios autenticados localmente provoquen una condición de denegación de servicio (DoS) al manejar operaciones de movimiento en carpetas locales temporales. • https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052 • CWE-276: Incorrect Default Permissions •
CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc http://seclists.org/fulldisclosure/2024/Apr/24 https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md •