This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: InstallShield 2015 LE & Hotfix "IOJ-1745445"
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
‎Mar 02, 2017
05:21 AM
InstallShield 2015 LE & Hotfix "IOJ-1745445"
I have 2 questions about InstallShield Hotfix IOJ-1745445 and CVE-2016-2542.
Question 1)
I am using visualstudio 2015 Professional and InstallShield 2015 Limited Edition.
The name of the installer file I installed is "InstallShield 2015LimitedEdition.exe" and the version is 22.0.1.0.
In case of "InstallShield 2015 Limited Edition", is InstallShield hotfix "IOJ - 1745445" applied to solve the problem?
Is it effective to apply InstallShield's hotfix "IOJ - 1745445"?
The file name of hotfix is IS2015_IOJ - 1745445.exe.
Question 2)
Is it possible to uninstall "IOJ - 1745445" and return it to the state before applying it?
Answer please.
Question 1)
I am using visualstudio 2015 Professional and InstallShield 2015 Limited Edition.
The name of the installer file I installed is "InstallShield 2015LimitedEdition.exe" and the version is 22.0.1.0.
In case of "InstallShield 2015 Limited Edition", is InstallShield hotfix "IOJ - 1745445" applied to solve the problem?
Is it effective to apply InstallShield's hotfix "IOJ - 1745445"?
The file name of hotfix is IS2015_IOJ - 1745445.exe.
Question 2)
Is it possible to uninstall "IOJ - 1745445" and return it to the state before applying it?
Answer please.
(2) Replies
‎Mar 10, 2017
09:47 AM
You are able to apply IS2015_IOJ-1745445.exe to your Limited Edition installation which will help reduce the risks seen in CVE-2016-2542. Once installed the hotfix cannot be uninstalled, but you can see the files that are updated at the link below.
** Please note that the hotfix is applicable to all editions of InstallShield 2015 and not all files listed as being updated are included in the Limited Edition.
==========
Setup authors can avoid the DLL Preloading issue by (a) not creating setup launcher executables, or (b) by creating setup launcher executables built with InstallShield Hotfix IOJ-1745445 and not using the name setup.exe for those executables. Setup launcher executables built using this hotfix call new Windows APIs which restrict the search path used to find libraries, even dependent libraries.
Setup authors can avoid the Binary Planting issue (a) by not creating setup launcher executables, or (b) by referencing the full path of each executable launched by a setup launcher executable.
Setup authors can avoid the Unquoted Service Path issue by quoting the full path of each executable which is registered as a service by a setup launcher executable.
Custom actions implemented as an executable run as their own process, so they cannot inherit the benefit of InstallShield Hotfix IOJ-1745445 calling the new Windows APIs.
https://flexeracommunity.force.com/customer/articles/en_US/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
==========
** Please note that the hotfix is applicable to all editions of InstallShield 2015 and not all files listed as being updated are included in the Limited Edition.
==========
Setup authors can avoid the DLL Preloading issue by (a) not creating setup launcher executables, or (b) by creating setup launcher executables built with InstallShield Hotfix IOJ-1745445 and not using the name setup.exe for those executables. Setup launcher executables built using this hotfix call new Windows APIs which restrict the search path used to find libraries, even dependent libraries.
Setup authors can avoid the Binary Planting issue (a) by not creating setup launcher executables, or (b) by referencing the full path of each executable launched by a setup launcher executable.
Setup authors can avoid the Unquoted Service Path issue by quoting the full path of each executable which is registered as a service by a setup launcher executable.
Custom actions implemented as an executable run as their own process, so they cannot inherit the benefit of InstallShield Hotfix IOJ-1745445 calling the new Windows APIs.
https://flexeracommunity.force.com/customer/articles/en_US/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
==========
‎Mar 17, 2017
02:07 AM
Hello jKell,
Thank you for your response regarding InstallShield 2015 LE and CVE - 2016 - 2542.
thank you.
panda
Thank you for your response regarding InstallShield 2015 LE and CVE - 2016 - 2542.
thank you.
panda