Windows Installer Elevation Vulnerability in Microsoft Products
CVE-2015-2371

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Rt; Windows 8.1; Windows Server 2008
Vendor: CVE Published:; 14 July 2015

Summary

The Windows Installer service in several versions of Microsoft Windows products is susceptible to an elevation of privilege vulnerability. This flaw allows local users to execute custom action scripts via a crafted .msi package, potentially granting them unauthorized access and increased user privileges on the system. The impacted versions span from Windows Server 2003 to Windows 8.1, indicating a broad exposure to this risk across older and current operating systems. Users are encouraged to apply security updates to mitigate this vulnerability.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1032905

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015