216.73.216.215

CVE-2023-29080

· Published 30/01/2025 18:15 · Modified 30/01/2025 18:15

Labels: CVE-2023-29080 2025-01-30CVE-2023-29080CWE-552[email protected]

Essential information

Published
30/01/2025 18:15
Modified
30/01/2025 18:15
Author
Creator
CISA KEV
No
CWE

Description

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References