CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Description
A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.
Analysis
CVE-2024-7562 is an elevated privilege vulnerability in InstallShield-generated Standalone MSI installers when multiple InstallScript custom actions are configured. An authenticated local attacker can exploit this to gain high-privilege code execution on the target system. All supported versions (InstallShield 2023 R2, 2022 R2, and 2021 R2) are affected; KEV status and active exploitation data were not provided in available intelligence sources, though the local attack vector and privilege escalation impact suggest moderate real-world risk.
Technical Context
InstallShield is a commercial software deployment platform that generates Windows Installer (MSI) packages. The vulnerability exists in how InstallShield constructs and sequences multiple InstallScript custom actions within MSI-based installers. InstallScript custom actions execute during the installation process with elevated privileges, and the presence of multiple chained custom actions creates an attack surface for privilege escalation. The root cause maps to CWE-379 (Creation of Temporary File in Directory with Insecure Permissions), indicating that the vulnerability likely involves improper handling of temporary files or resources during custom action execution, allowing a local unprivileged process to manipulate or intercept privileged operations. Affected CPE scope: Software developed using InstallShield 2023 R2, InstallShield 2022 R2, and InstallShield 2021 R2 to build MSI packages with multiple custom actions.
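The CWE-379 pattern named above, shown as an added illustration that is not InstallShield's or Flexera's code and does not reproduce the actual defect: a generic "installer stages a file in a shared directory" routine in its insecure and hardened forms, followed by the permission checks a reviewer or a monitoring script would apply to the staged file and to its directory. The function names, the fixed file name and the directory layout are constructed for the example.

```python
"""CWE-379 (temporary file in a directory with insecure permissions), illustrated.

Added example; hypothetical names throughout. The scenario is a privileged
installer step that writes a staging file into a directory that lower-privileged
users can also write to.
"""
import os
import secrets
import stat
import tempfile

STAGE_NAME = "setup_stage.tmp"  # hypothetical fixed name used by the insecure routine


def create_staging_file_insecure(directory, payload=b"staged data\n"):
    """Predictable name, process umask, plain open(): follows whatever is already there."""
    path = os.path.join(directory, STAGE_NAME)
    old_umask = os.umask(0o022)  # typical default: file ends up group/world readable
    try:
        with open(path, "wb") as f:
            f.write(payload)
    finally:
        os.umask(old_umask)
    return path


def create_staging_file_hardened(directory, payload=b"staged data\n", name=None):
    """Random name, create-only, no symlink following, owner-only mode."""
    if name is None:
        name = "setup_" + secrets.token_hex(8) + ".tmp"
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    path = os.path.join(directory, name)
    fd = os.open(path, flags, 0o600)  # FileExistsError if any entry already exists
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return path


def audit_file(path):
    """Findings a reviewer wants about a staged file; empty list means clean."""
    findings = []
    st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    if st.st_nlink > 1:
        findings.append("has extra hard links")
    if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/others")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/others")
    return findings


def audit_directory(path):
    """A shared directory is only acceptable for staging with the sticky bit set."""
    st = os.stat(path)
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        return ["world-writable without sticky bit"]
    return []


def demo():
    """Run both routines against a constructed directory; return what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        # Constructed failure mode: the predictable name already exists as a
        # symlink to a file the installer should never touch.
        victim = os.path.join(shared, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original\n")
        os.symlink(victim, os.path.join(shared, STAGE_NAME))

        staged = create_staging_file_insecure(shared)
        with open(victim, "rb") as f:
            results["insecure_followed_symlink"] = f.read() == b"staged data\n"
        results["insecure_symlink_findings"] = audit_file(staged)

        clean = os.path.join(shared, "clean")
        os.mkdir(clean)
        results["insecure_clean_findings"] = audit_file(create_staging_file_insecure(clean))

        try:  # same colliding name, but O_CREAT|O_EXCL refuses the pre-existing entry
            create_staging_file_hardened(shared, name=STAGE_NAME)
            results["hardened_refused_existing"] = False
        except FileExistsError:
            results["hardened_refused_existing"] = True
        results["hardened_findings"] = audit_file(create_staging_file_hardened(clean))

        os.chmod(clean, 0o777)
        results["dir_world_writable_findings"] = audit_directory(clean)
        os.chmod(clean, 0o1777)
        results["dir_sticky_findings"] = audit_directory(clean)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened routine keeps working even when a predictable name is forced on it, because the protection comes from the create-only flags and the 0o600 mode rather than from name secrecy; the random name is defence in depth. The directory check is the one to run against any location an installer is observed writing to during remediation step 4 above.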
Affected Products
InstallShield 2023 R2 (all builds): generates vulnerable MSI packages when configured with multiple InstallScript custom actions.
InstallShield 2022 R2 (all builds): same configuration vulnerability.
InstallShield 2021 R2 (all builds): same configuration vulnerability.
Affected software includes any application packaged using these InstallShield versions with multiple custom actions enabled.
CPE pattern: cpe:2.3:a:flexerasoftware:installshield:2023:r2:*:*:*:*:*:* (and 2022 R2, 2021 R2 variants).
Software vendors using vulnerable InstallShield versions are indirectly affected; end users are affected through installed MSI packages built with vulnerable configurations.
Remediation
1. InstallShield users should upgrade to patched versions when released by Flexera Software (patch versions and release dates were not specified in available intelligence; consult official Flexera security advisories).
2. As an interim mitigation, software vendors using InstallShield should review MSI packages with multiple custom actions and consider refactoring to reduce custom action complexity or eliminating unnecessary chained actions.
3. System administrators should restrict local access and enforce the principle of least privilege to limit the attack surface (only authenticated local users can trigger the exploit).
4. Monitor for suspicious temporary file creation or manipulation during software installation.
5. Contact Flexera Software (flexera.com/security or its security advisories) for official patch timelines and guidance; refer to the vendor security bulletin for exact patch versions and deployment procedures.
EUVD-2024-54679