CVE-2021-41526
Summary
| CVE | CVE-2021-41526 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-29 21:15:00 UTC |
| Updated | 2023-04-06 19:34:00 UTC |
| Description | A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Flexera | Revenera Installshield | All | All | All | All |
| Application | Flexera | Revenera Installshield | 2021 | - | All | All |
| Application | Flexera | Revenera Installshield | 2021 | r1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability-Disclosures/MNDT-2021-0011.md at master · mandiant/Vulnerability-Disclosures · GitHub | MISC | github.com | |
| CVE-2021-41526: Privilege escalation vulnerability during MSI repair – for the MSI built with Instal... - Community | CONFIRM | community.flexera.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.