- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: ISSetup.dll of InstallShield 2016 crashes in the environment of Windows 2008 SP2 + KB
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
ISSetup.dll of InstallShield 2016 crashes in the environment of Windows 2008 SP2 + KB
In the environment of Windows 2008 SP2 + KB 3063858, ISSetup.dll of InstallShield 2016 will crash with the following error.
==================================================================================
Log Name: Application
Source: Application Error
Date: 02/17/2017 15:23:36
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: ML350-01-2
Description:
Faulting application setup.exe_Dynamic Link Manager, version 8.51.0.16, time stamp 0x57b887df, faulting module ISSetup.dll, version 23.0.0.288, time stamp 0x57b88733, exception code 0xc0000005, fault offset 0x0007360a, process id 0xff4, application start time 0x01d288e644c4df15.
Event Xml:
1000
2
100
0x80000000000000
2023
Application
ML350-01-2
setup.exe_Dynamic Link Manager
8.51.0.16
57b887df
ISSetup.dll
23.0.0.288
57b88733
c0000005
0007360a
ff4
01d288e644c4df15
==================================================================================
Although I did not crash when I built the same InstallShield project with InstallShield 2013 SP1,
- Crash on InstallShield 2013 SP1 + CVE-2016-2542 patch.
- After upgrading to InstallShield 2016, crash even when building it.
It will not crash if you build against recently released InstallShield 2016 + SP1.
I tried this with the following combination, and the result was the following.
[Windows 2008 SP2 + KB3063858]
InstallShield 2013 SP1 - do not crash
InstallShield 2013 SP1+CVE-2016-2542 - crash
InstallShield 2016 - crash
InstallShield 2016SP1 - do not crash
[Windows 2008 SP1 + KB2533623]
InstallShield 2013 SP1 - do not crash
InstallShield 2013 SP1+CVE-2016-2542 - crash
InstallShield 2016 - crash
InstallShield 2016SP1 - do not crash
[Windows 2008 SP2]
InstallShield 2013SP1 - do not crash
InstallShield 2013SP1+CVE-2016-2542 - do not crash
InstallShield 2016 - do not crash
InstallShield 2016SP1 - do not crash
It seems that the phenomenon is occurring under the following conditions to guess from there.
- In an environment where Hotfix that updates Kernel32.dll on Windows 2008 is applied,
- Installer built with InstallShield with CVE-2016-2542 or InstallShield 2016 (without SP)
Since it did not occur in InstallShield 2016 SP1, it seems that something has been modified and it can be installed normally like CVE-2016-2542 earlier.
So, if someone you know exists, would you please answer the following four questions?
(1) In InstallShield 2016 Known Issues
https://flexeracommunity.force.com/customer/articles/en_US/INFO/InstallShield-2016-Known-Issues
"IOJ-1771076 InstallScript Setup Launcher Unicode has stopped working during setup initialization"
I think it is the same phenomenon as IOJ-1771076, but is there recognition?
(2) Looking at InstallShield 2016 Release Notes,
https://akamaiesd.flexnetoperations.com/29992/157/10627157/InstallShield2016PremierProfessional_ReleaseNotes.pdf?ftpRequestID=4735771677&server=akamaiesd.flexnetoperations.com&dtm=DTM20170220001523NzA0NjYzOTI1&authparam=1487578523_e937335a2c337da425063104386e0079&ext=.pdf
In InstallShield 2016 SP1, it seems that countermeasures of IOJ-1771076 are done.
"An issue has been resolved that was causing some InstallScript setups on Windows 7 machines to encounter a crash that was environment-specific."
In this case, what kind of environment is "environment-specific" specifically?
ex. Windows xxxx + SPn + KBxxxxxx etc.
(3) Are measures against InstallShield 2016 SP1's IOJ-1771076 countermeasures against other environments than Windows 7?
(4) Even though CVE-2016-2542 seems to have caused the same problem as InstallShield 2016 IOJ-1771076, would you consider that a separate hotfix will be issued?
Thank you.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
IS 2016 SP1 changes how and what we use to mitigate CVE-2016-2542. This change is also not specific to any version of Windows but is implemented for all versions supported by InstallShield. Most of the hotfixes available here have been updated for more recent versions of InstallShield with the same fix for IS 2016 SP1 to avoid unexpected behavior. These were updated around mid/late-February. You should be able to download an updated version for IS 2013 SP1 that includes the 2016 SP1 changes.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Is there a chance to download the hotfix IOJ-1771076? Because I'm having an issue with an installer on Windows 2008 SP2, but I don't have the InstallScript project available.
Thanks!
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content