CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29081 – InstallShield Symlink Vulnerability Affecting Suite Project Setups
https://notcve.org/view.php?id=CVE-2023-29081
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. Se ha informado de una vulnerabilidad en Suite Setups creadas con versiones anteriores a InstallShield 2023 R2. Esta vulnerabilidad puede permitir que los usuarios autenticados localmente provoquen una condición de denegación de servicio (DoS) al manejar operaciones de movimiento en carpetas locales temporales. • https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc http://seclists.org/fulldisclosure/2024/Apr/24 https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2542
https://notcve.org/view.php?id=CVE-2016-2542
Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. Vulnerabilidad de búsqueda de ruta no confiable en Flexera InstallShield hasta la versión 2015 SP1 permite a usuarios locales obtener privilegios a través de un Troyano DLL en el directorio de trabajo actual de un archivo de lanzamiento de configuración ejecutable. • http://www.securityfocus.com/bid/84213 http://www.securitytracker.com/id/1035097 https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues https://us-cert.cisa.gov/ics/advisories/icsa-20-287-03 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.tenable.com/security/tns-2019-08 •