Описание
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2021 (исключая)
Одно из
cpe:2.3:a:flexera:revenera_installshield:*:*:*:*:*:windows:*:*
cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*
cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*
EPSS
Процентиль: 17%
0.00055
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
EPSS
Процентиль: 17%
0.00055
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo