
CVE-2022-27438

Published: 06/06/2022 Updated: 28/04/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Caphyon Ltd Advanced Installer 19.3 and previous versions and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Vulnerable Product

caphyon advanced installer

realdefense mypasslock 1.9.6

realdefense mycleanpc 4.0.2

realdefense mycleanid 4.1.4

prusa3d prusaslicer 2.4.2

plagiarismcheckerx plagiarism checker x 8.0.6

vigem vigembus driver 1.16.116

nefarius scptoolkit 1.6.238.16010

moonsoftware password agent 20.10.1

getmailbird mailbird 2.9.50.0

krylack burning suite 1.20.05

krylack rar password recovery 3.70.69

krylack volume serial number editor 2.02.34

krylack zip password recovery 3.70.69

krylack asterisks password decryptor 3.31.107

krylack archive password recovery 3.70.69

jpsoft take command 28.2.18

jki vi package manager 21.1.2754

honeygain honeygain 0.10.7.0

guzogo guzogo 1.0.5.0

gamecaster gamecaster 4.0.2109.2802

gainedge better explorer 2020.3.15.1304

fxsound fxsound 1.1.12.0

freesnippingtool free snipping tool 5.6.0.0

flamory flamory 4.2.19.0

emeditor emeditor 21.3.0

codesector direct folders 4.0

boom boomtv streamer portal 2.2.1

codesector teracopy 3.8.5

3cx crm template generator 2.1.23

3cx call flow designer 18.2.13

vpnhood vpnhood 2.4.299

vrdesktop virtual desktop streamer 1.20.16

urban-vpn urban vpn 2.2.5

xsplit xsplit express video editor 3.0.2001.801

rovio bad piggies 1.3.0

rovio angry birds space 1.4.1

synaptics displaylink usb graphics

rstinstruments vw0420_firmware 1.33.0

rstinstruments rstar rtu host 1.33.0

rstinstruments ipi utility 1.05.0

rstinstruments inclinalysis digital inclinometer 2.48.9

rstinstruments dt2011_firmware 1.19.4.0

rstinstruments dt2011b_firmware 1.19.4.0

rstinstruments dt2040_firmware 1.19.4.0

rstinstruments dt2050_firmware 1.19.4.0

rstinstruments dt2050b_firmware 1.19.4.0

rstinstruments dt2055b_firmware 1.19.4.0

rstinstruments dt2306_firmware 1.19.4.0

rstinstruments dt2350_firmware 1.19.4.0

rstinstruments dt2485_firmware 1.19.4.0

rstinstruments dt4205_firmware 1.19.4.0

rstinstruments dtsaa_firmware 1.19.4.0

rstinstruments ic6560_firmware 1.19.4.0

rstinstruments ic6660_firmware 1.19.4.0

rstinstruments dtl201b/2b_firmware 1.19.4.0

rstinstruments mtcm_firmware 1.19.4.0

rstinstruments gaa2820_firmware 1.19.4.0

rstinstruments rtu_firmware 1.19.4.0

rstinstruments mems_tilt_meter_firmware 1.20.1

rstinstruments portable_tilt_meter_firmware 1.20.1

rstinstruments vw2106_firmware -

rstinstruments th2016_firmware 1.4.0.2

rstinstruments th2016b_firmware 1.4.0.2

rstinstruments ma7_firmware 1.4.0.2

rstinstruments qb120_firmware 1.4.0.2

rstinstruments sg350_firmware 1.4.0.2

rstinstruments ir420_firmware 1.4.0.2

rstinstruments lp100_firmware 1.4.0.2

rstinstruments c109_firmware 1.4.0.2

Github Repositories

CVE-2022-27438: Caphyon Ltd Advanced Installer 19.3 "CustomDetection" Update Check Remote Code Execution Vulnerability

Usage: python3 cve-2022-27438_poc.py

Details in the report at gerrre

Steps to reproduce

For other affected products, you have to change the update server and update configuration filename. These can often be found in the updater ini in the applic