Privilege Escalation Vulnerability in Windows Installer by Flexera
CVE-2021-41526

7.8 HIGH

Key Information:

Vendor: Flexera
CVE Published: 29 March 2023

What is CVE-2021-41526?

A vulnerability exists in Windows Installer (MSI) packages that use InstallScript custom actions. The flaw could allow an attacker to escalate privileges when the MSI's 'repair' function is executed. The risk highlights the importance of scrutinizing how custom scripts are used in installation packages. Proper mitigation strategies are essential to prevent unauthorized access to elevated privileges during installation processes.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
