Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41526

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.

Published

2023-03-29T21:15:07.810

Last Modified

2024-11-21T06:26:21.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	flexera	revenera_installshield	< 2021	Yes
Application	flexera	revenera_installshield	2021	Yes
Application	flexera	revenera_installshield	2021	Yes

References

http://seclists.org/fulldisclosure/2024/Apr/24 ([email protected])
https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message Vendor Advisory ([email protected])
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2024/Apr/24 (af854a3a-2127-422b-91ae-364da2661108)
https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)