CVE-2021-41526

2023-03-2900:00:00

flexera

github.com

cve-2021-41526

privilege escalation

windows installer

installscript custom action

vulnerability

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:flexera:revenera_installshield:-:*:*:*:*:windows:*:*"
    ],
    "vendor": "flexera",
    "product": "revenera_installshield",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2021",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*"
    ],
    "vendor": "flexera",
    "product": "revenera_installshield",
    "versions": [
      {
        "status": "affected",
        "version": "2021"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*"
    ],
    "vendor": "flexera",
    "product": "revenera_installshield",
    "versions": [
      {
        "status": "affected",
        "version": "2021"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

seclists.org/fulldisclosure/2024/Apr/24

community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message

github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md