CVE-2023-29080
Description
Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2023-29080? +
How do I check if I'm vulnerable to CVE-2023-29080? +
Related Vulnerabilities
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from …
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file …
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or …
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow …
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, …
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue …