Revenera InstallShield Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Revenera InstallShield versions 2022 R2 and 2021 R2. It arises when InstallScript custom actions are added to Basic MSI or InstallScript MSI projects: these custom actions extract certain binaries to a predefined writable folder during installation. Standard user accounts can write to these files and folders, so the binaries can be replaced during installation, potentially leading to DLL hijacking.
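
As an added example (not from Revenera or the original advisory), the following PowerShell script checks for the condition described above: a folder, or any file under it, carrying an Allow ACE that grants write-type rights to standard-user principals. The advisory does not name the extraction folder, so `$Path` is a placeholder the operator supplies.

```powershell
# Added example: list ACEs that let standard users create, replace or re-permission
# files in a folder. $Path is a placeholder; the advisory does not name the folder.
param(
    [Parameter(Mandatory)][string]$Path
)

# Well-known SIDs that include ordinary, non-administrative accounts.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow altering content or the ACL itself. 0x50000000 adds the raw
# GENERIC_WRITE and GENERIC_ALL bits that can appear in inherit-only ACEs.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip rather than guess

    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPrivSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Deny ACEs are not evaluated, so each row is a candidate to review, not proof
# of effective access.
$findings | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }
```

A non-zero exit code means at least one write-capable ACE for a standard-user principal was found under the audited folder.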

Impact

Exploitation of this vulnerability could allow for unauthorized privilege escalation, with the potential for DLL hijacking.

Remediation

Users can apply the security patch mentioned in the Revenera community article titled 'CVE-2023-29080 Security Patch for the Possible Privileged Escalation Scenarios Identified in InstallShield'.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.