EUVD-2024-22709

Malicious code in bioql PyPI...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2023-7270 Local Privilege Escalation via MSI installer

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...

CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode...

CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode...

BIT-NODE-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

Exploit for Improper Privilege Management in Thalesgroup Sentinel_Hasp_Ldk

CVE-2024-0197-POC Proof of concept for Local Privilege Escalat...

CVE-2023-30585

CVE-2023-30585 affects Node.js on Windows when installed via the .msi installer and only during the repair operation. The msiexec.exe process, running as NT AUTHORITY\SYSTEM, reads the %USERPROFILE% value from the current user’s registry and, if the referenced path does not exist, creates the pat...

CVE-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

USB-based Wormable Malware Targets Windows Installer

Credit: Red Canary Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at...

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to...

ManageEngine ServiceDesk Plus Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus CVE-2021-44077', 'Description' = %q This module exploits CVE-2021-44077, an unauthenticated remote code execution...

IcedID Banker is Back, Adding Steganography, COVID-19 Theme

A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have...

CVE-2020-13162

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges. Recent assessments:...

CVE-2018-13013

The CVE-2018-13013 entry affects SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to 4.4.9. Root cause: improper check of unusual conditions when launching msiexec.exe via the SysWatch service, allowing a local attacker to...

Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)

This host is installed with Adobe Acrobat and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeacrobatmultvulnapr12win.nasl 8210 2017-12-21 10:26:31Z cfischer $ Adobe Acrobat Multiple Vulnerabilities April-2012 Windows Authors: Thanga Prakash S Copyright: Copyright c...

ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting

Adobe issued an update for Adobe Reader X new version is 10.1.3, which, among other issues, fixes an outside-the-sandbox msiexec.exe EXE planting vulnerability we reported to them earlier this year. This article explains the vulnerability and how it could have been exploited...

Adobe Reader Multiple Vulnerabilities (Apr 2012) - Mac OS X

Adobe Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...

CVE-2008-2547

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x aka /uninstall option. NOTE: this issue might cross privilege boundaries if msiexec.exe is...

Stack overflow

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x aka /uninstall option. NOTE: this issue might cross privilege boundaries if msiexec.exe is...