Windows Installer Elevation Vulnerability in Microsoft Products
CVE-2015-2371

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Rt; Windows 8.1; Windows Server 2008
Vendor: CVE Published:; 14 July 2015

What is CVE-2015-2371?

The Windows Installer service in several versions of Microsoft Windows products is susceptible to an elevation of privilege vulnerability. This flaw allows local users to execute custom action scripts via a crafted .msi package, potentially granting them unauthorized access and increased user privileges on the system. The impacted versions span from Windows Server 2003 to Windows 8.1, indicating a broad exposure to this risk across older and current operating systems. Users are encouraged to apply security updates to mitigate this vulnerability.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1032905

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015