Advanced Installer Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in Advanced Installer versions prior to 22.6. The issue arises from an uncontrolled search path element, allowing low-privileged attackers to execute arbitrary code with SYSTEM privileges. When the installer is run as SYSTEM, it searches for non-existent binaries in standard-user writable locations and executes them if found. Attackers can exploit this by placing a malicious binary in a targeted folder, leading to unauthorized SYSTEM-level code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with SYSTEM privileges.

Remediation

Users can upgrade to Advanced Installer version 22.6 or later to address this vulnerability.
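
The following PowerShell is an added example, not code from the vendor or from this advisory: it lists directories in which a standard user can create files, which is the condition the vulnerability depends on. The advisory does not name the folders that are searched, so the `$Candidates` parameter and its default (the machine-wide PATH) are assumptions.

```powershell
param(
    # Assumption: the advisory does not list the searched folders, so this defaults
    # to the machine-wide PATH; pass the folders that matter in your environment.
    [string[]]$Candidates = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
)

# Well-known SIDs of groups present in a standard user's token.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# CreateFiles/WriteData (0x2), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
# Modify and FullControl both contain the 0x2 bit, so they match as well.
$createMask  = 0x2 -bor 0x10000000 -bor 0x40000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

foreach ($dir in $Candidates | Where-Object { $_ } | Sort-Object -Unique) {
    $dir = [Environment]::ExpandEnvironmentVariables($dir.Trim('" '))
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    try {
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    } catch {
        Write-Warning "Cannot read ACL of ${dir}: $_"
        continue
    }
    foreach ($r in $rules) {
        # Inherit-only entries apply to children, not to the directory itself.
        $applies = -not ($r.PropagationFlags -band $inheritOnly)
        $allows  = $r.AccessControlType -eq 'Allow'
        $writes  = ([int]$r.FileSystemRights -band $createMask) -ne 0
        $sid     = $r.IdentityReference.Value
        # Deny entries are not evaluated, so a result may over-report.
        if ($applies -and $allows -and $writes -and $lowPriv.ContainsKey($sid)) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $lowPriv[$sid]
                Rights    = $r.FileSystemRights
            }
        }
    }
}
```

Each row is a directory where a standard user can create files; review its ACL, or whether it belongs on a search path used by SYSTEM processes, in addition to upgrading.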

Added: Jul 8, 2025, 6:04 PM
Updated: Jul 8, 2025, 6:04 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.