Security Advisory

CVE-2023-29080

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-30 17:41:55

Last updated 2025-02-12 17:03:46

Assigner flexera

State PUBLISHED

Description

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.

← Browse all CVEs View on cve.org ↗