A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
References
Link | Resource |
---|---|
https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.240903 | Permissions Required |
https://vuldb.com/?id.240903 | Third Party Advisory |
https://www.advancedinstaller.com/release-19.7.1.html#bugfixes | Release Notes |
Configurations
History
03 Oct 2023, 20:58
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.advancedinstaller.com/release-19.7.1.html#bugfixes - Release Notes | |
References | (MISC) https://vuldb.com/?ctiid.240903 - Permissions Required | |
References | (MISC) https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.240903 - Third Party Advisory | |
First Time |
Caphyon
Caphyon advanced Installer |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:caphyon:advanced_installer:19.7:*:*:*:*:*:*:* |
30 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-30 17:15
Updated : 2024-05-17 02:17
NVD link : CVE-2022-4956
Mitre link : CVE-2022-4956
CVE.ORG link : CVE-2022-4956
JSON object : View
Products Affected
caphyon
- advanced_installer
CWE
CWE-427
Uncontrolled Search Path Element