Flexera InstallShield Untrusted Search Path Vulnerability

Severity: High. Nessus Plugin ID: 89692

Synopsis

An application installed on the remote Windows host is affected by an untrusted search path vulnerability.

Description

The Flexera InstallShield application installed on the remote host is missing a vendor-supplied hotfix. It is therefore affected by an untrusted search path vulnerability: it looks for specific files or libraries in the current working directory, which may not be trusted or under the user's control. A remote attacker can exploit this with a specially crafted DLL by convincing a user to open a file (e.g., one located on a remote WebDAV share), resulting in the injection and execution of arbitrary code.

Solution

Apply the vendor-supplied Hotfix IOJ-1745445. Note that this may require an upgrade to InstallShield 2015 SP1. Furthermore, the vendor recommends that InstallShield customers follow Windows best practices when using custom actions since the hotfix is not applicable to custom actions.

See Also

http://www.nessus.org/u?1d6580b3

http://www.nessus.org/u?1f913224

http://www.nessus.org/u?e3269c83

http://www.binaryplanting.com/

https://www.commonexploits.com/unquoted-service-paths/

Plugin Details

Severity: High

ID: 89692

File Name: flexera_installshield_cve-2016-2542.nasl

Version: 1.10

Type: local

Family: CGI abuses

Published: 3/6/2016

Updated: 11/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-2542

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:flexerasoftware:installshield

Required KB Items: installed_sw/Flexera InstallShield

Exploit Ease: No known exploits are available

Patch Publication Date: 1/25/2016

Vulnerability Publication Date: 1/21/2016

Reference Information

CVE: CVE-2016-2542

BID: 83334

IAVB: 2016-B-0040