Untrusted Search Path Vulnerability in Flexera InstallShield
CVE-2016-2542

7.8HIGH

Key Information:

Vendor

Flexera

Status
Installshield
Vendor
CVE Published:
24 February 2016

What is CVE-2016-2542?

An untrusted search path vulnerability exists in Flexera InstallShield versions up to 2015 SP1. This flaw enables local users to exploit a Trojan horse DLL placed in the working directory of a setup-launcher executable. By doing so, they can potentially gain elevated privileges, leading to unauthorized actions and access within the system. Organizations using affected versions of InstallShield should prioritize the application of relevant patches and improve their overall security posture by adhering to best practices for managing executable environments.

References

http://www.securitytracker.com/id/1035097
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/84213
vdb-entryx_refsource_BID
https://www.tenable.com/security/tns-2019-08
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.