CVE-2022-4956

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
Configurations

Configuration 1 (hide)

cpe:2.3:a:caphyon:advanced_installer:19.7:*:*:*:*:*:*:*

History

21 Nov 2024, 07:36

Type Values Removed Values Added
References () https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ - Exploit, Third Party Advisory () https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.240903 - Permissions Required () https://vuldb.com/?ctiid.240903 - Permissions Required
References () https://vuldb.com/?id.240903 - Third Party Advisory () https://vuldb.com/?id.240903 - Third Party Advisory
References () https://www.advancedinstaller.com/release-19.7.1.html#bugfixes - Release Notes () https://www.advancedinstaller.com/release-19.7.1.html#bugfixes - Release Notes

03 Oct 2023, 20:58

Type Values Removed Values Added
References (MISC) https://www.advancedinstaller.com/release-19.7.1.html#bugfixes - (MISC) https://www.advancedinstaller.com/release-19.7.1.html#bugfixes - Release Notes
References (MISC) https://vuldb.com/?ctiid.240903 - (MISC) https://vuldb.com/?ctiid.240903 - Permissions Required
References (MISC) https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ - (MISC) https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ - Exploit, Third Party Advisory
References (MISC) https://vuldb.com/?id.240903 - (MISC) https://vuldb.com/?id.240903 - Third Party Advisory
First Time Caphyon
Caphyon advanced Installer
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:caphyon:advanced_installer:19.7:*:*:*:*:*:*:*

30 Sep 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-30 17:15

Updated : 2024-11-21 07:36


NVD link : CVE-2022-4956

Mitre link : CVE-2022-4956

CVE.ORG link : CVE-2022-4956


JSON object : View

Products Affected

caphyon

  • advanced_installer
CWE
CWE-427

Uncontrolled Search Path Element