Published: 29/03/2023 Updated: 19/04/2024

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flexera revenera installshield 2021
flexera revenera installshield

Full Disclosure mailing list archives   By Date By Thread </form>    MindManager 23 - full disclosure   From: Pawel Karwowski via Full ...

public disclosure

mindmanager-poc public disclosure: Affected application: MindManager23_setupexe Platform: Windows Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition) Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team) Proposed mitigation: learnmicrosoftcom/en-us/windows/win32/msi/disablemsi Reasoning for p

NVD-CWE-noinfo https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md http://seclists.org/fulldisclosure/2024/Apr/24 https://github.com/pawlokk/mindmanager-poc https://nvd.nist.gov https://seclists.org/fulldisclosure/2024/Apr/24

CVE-2021-41526

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect