CVE-2024-14012

EUVD-2024-55044
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
flexeraCNA
7.3 HIGH
LOCAL
LOW
LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
revenerainstallshield
2023.R1
CNA
Common Weakness Enumeration
References
https://community.revenera.com/s/article/CVE-2024-14012-Potential-Privilege-Escalation-in-InstallShield-2023-R1