Lucene search

[email protected]CVE-2021-41526

HistoryMar 29, 2023 - 9:15 p.m.

CVE-2021-41526

2023-03-2921:15:07

[email protected]

web.nvd.nist.gov

117

cve-2021-41526

vulnerability

windows installer

msi

privilege escalation

installscript custom action

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.

Affected configurations

NVD

Node

flexerarevenera_installshieldRange<2021windows

flexerarevenera_installshieldMatch2021-windows

flexerarevenera_installshieldMatch2021r1windows

CPENameOperatorVersion
flexera:revenera_installshieldflexera revenera installshieldlt2021

CPE	Name	Operator	Version
flexera:revenera_installshield	flexera revenera installshield	lt	2021

References

seclists.org/fulldisclosure/2024/Apr/24

community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message

github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-41526

hp1 nvd4 prion4 cvelist4 cve3