EUVD-2016-5547

Malware in sbrugna...

Security Bulletin: InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability (CVE-2016-4560)

Summary Flexera InstallAnywhere, shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center, could allow a local attacker to gain elevated privileges on the system by using a Trojan horse DLL in the current working directory of a setup-launcher. Vulnerability Details CVEID:...

Security Bulletin:  InstallAnywhere Vulnerability affects Daeja ViewONE Professional, Standard & Virtual (CVE-2016-4560)

Summary Flexera InstallAnywhere has a security vulnerability that could be exploited in the Daeja ViewONE installation Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted...

Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560)

Summary IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a remote attacker to execute arbitrary code on the system. The application does not direct...

Security Bulletin: Java DLL planting vulnerability affects IBM Sterling Secure Proxy (CVE-2016-2542)

Summary Flexera InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability during installs on Windows systems. InstallAnywhere is used by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could all...

Security Bulletin: Vulnerability in Flexera InstallAnywhere affects Watson Explorer and Watson Content Analytics (CVE-2016-4560)

Summary Some components of this product include a version of Flexera InstallAnywhere that could allow a remote attacker to execute arbitrary code on the system. This vulnerability can be avoided by following the instructions included in this bulletin. Vulnerability Details CVEID: CVE-2016-4560...

Security Bulletin: Flexera InstallAnywhere DLL-planting vulnerability affects IBM Enterprise Records Installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: Vulnerability in Flexera InstallAnywhere affects IBM eDiscovery Manager (CVE-2016-4560)

Summary Flexera InstallAnywhere has a security vulnerability that could be exploited in IBM eDiscovery Manager. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search pat...

Security Bulletin: Vulnerability in Flexera InstallAnywhere affects IBM eDiscovery Analyzer (CVE-2016-4560)

Summary Flexera InstallAnywhere has a security vulnerability that could be exploited in IBM eDiscovery Analyzer. Vulnerability Details CVEID:CVE-2016-4560 DESCRIPTION:Flexera InstallAnywhere could allow a remote attacker to execute arbitrary code on the system. The application does not directly...

Security Bulletin: Installer vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation, and FileNet BPM (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: Potential vulnerability in IBM OpenPages GRC Platform due to vulnerability in Flexera InstallAnywhere based installation (CVE-2016-2542)

Summary The following potential security vulnerability has been identified in versions of IBM OpenPages GRC Platform that use a Flexera InstallAnywhere based installer. See the Vulnerability Details section for more information. Vulnerability Details Customers who have IBM OpenPages GRC Platform...

Flexera InstallAnywhere Privilege Escalation Vulnerability - Mac OS X

Flexera InstallAnywhere is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Flexera InstallAnywhere Detection (Linux/Unix SSH Login)

Detects the installed version of Flexera InstallAnywhere on Linux. The script logs in via ssh, searches for executable and queries the version from SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Flexera InstallAnywhere Detection (Windows SMB Login)

Detects the installed version of Flexera InstallAnywhere on Windows. The script logs in via smb, searches for InstallAnywhere in the registry and gets the version from SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

Flexera InstallAnywhere Detection (Mac OS X SSH Login)

Detects the installed version of Flexera InstallAnywhere on Mac OS X. The script logs in via ssh, searches for folder SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Flexera InstallAnywhere Privilege Escalation Vulnerability - Linux

Flexera InstallAnywhere is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Flexera InstallAnywhere Privilege Escalation Vulnerability - Windows

Flexera InstallAnywhere is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-4560

Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file...

CVE-2016-4560

CVE-2016-4560 is a DLL‑planting vulnerability in Flexera InstallAnywhere used by multiple IBM products. Attackers could place a Trojan horse DLL in the current working directory of a setup-launcher executable to gain elevated privileges through an untrusted search path. The commonly cited CVSS ve...

CVE-2016-4560

Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file...