Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated privileges on the system.
CVEID: CVE-2016-2542**
DESCRIPTION:** Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110914> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
2.5.1
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Security Guardium Data Redaction | 2.5.1 | https://www-01.ibm.com/software/passportadvantage/pao_customer.html |
This is an installation modification - existing deployments are not required to be reinstalled; Old installation can be also used from within an empty directory