Inno Setup Privilege Escalation Vulnerability via DLL Hijacking

Vulnerability

A privilege escalation vulnerability via DLL hijacking has been identified in Inno Setup versions through 6.2.1. The issue arises when installers or uninstallers are executed under the SYSTEM account: a malicious DLL can then be loaded and executed by the installer or uninstaller process, escalating privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation by allowing a user to execute code with elevated rights.

Remediation

Users can update to Inno Setup version 6.2.2 or later, which includes improvements to protect against potential DLL preloading attacks when running installers or uninstallers under the SYSTEM account.
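
To find installers on disk that were built with an affected release, the version boundary above can be checked as in the following added example (not code from Inno Setup or from this advisory). It assumes installers carry the plain-text marker "Inno Setup Setup Data (x.y.z)", which this page does not describe; the function names and sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption (not stated on the page): Inno Setup installers embed an
# uncompressed marker such as b"Inno Setup Setup Data (6.2.1) (u)".
MARKER = re.compile(rb"Inno Setup Setup Data \((\d+)\.(\d+)\.(\d+)")
FIXED = (6, 2, 2)  # first release the advisory lists as remediated

# Constructed sample bytes (not real installers) used for a self-check.
SAMPLES = {
    "old.exe": b"MZ" + b"\x00" * 64 + b"Inno Setup Setup Data (6.2.1) (u)\x00",
    "new.exe": b"MZ" + b"\x00" * 64 + b"Inno Setup Setup Data (6.2.2) (u)\x00",
    "later.exe": b"MZ" + b"\x00" * 64 + b"Inno Setup Setup Data (6.10.0) (u)\x00",
    "other.exe": b"MZ" + b"\x00" * 64 + b"no marker in this file",
}


def inno_version(data: bytes):
    """Return (major, minor, patch) from the marker, or None if absent."""
    m = MARKER.search(data)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(data: bytes) -> str:
    """Compare numerically, so 6.10.0 sorts after 6.2.2 (unlike strings)."""
    version = inno_version(data)
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED else "fixed"


def scan(root) -> dict:
    """Map every .exe under root to its verdict; unreadable files are flagged."""
    results = {}
    for path in sorted(Path(root).rglob("*.exe")):
        try:
            results[str(path)] = classify(path.read_bytes())
        except OSError:
            results[str(path)] = "unreadable"
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, verdict in scan(sys.argv[1]).items():
            print(f"{verdict:11} {name}")
    else:
        for name, data in SAMPLES.items():
            print(f"{classify(data):11} {name}")
```

A verdict of "unknown" means only that the marker was not found in the file, not that the file is unaffected.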

Added: Mar 3, 2026, 7:18 AM
Updated: Mar 3, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 10.0
exploitability: 2.8
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 0.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.