CVE-2023-29080

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2due to addingInstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
flexeraCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Common Weakness Enumeration
References
https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp