CVE-2023-29081: InstallShield Symlink Vulnerability Affecting Suite Project Setups
CVE-2023-29081: InstallShield Symlink Vulnerability Affecting Suite Project Setups
Summary
A vulnerability has been reported in the Suite Setups built with prior versions of InstallShield 2023 R2. This vulnerability may allow Denial of Service (DoS) escalation when a low privilege user moves secured temporary folder and creates a Symlink Junction during suite setup installation.
Description
There are two secured temp directories created during the suite installation. In general, a user with standard rights cannot create/modify the contents of this secured directory. However, it was found that a certain move operation violates this condition using the standard credentials. This may allow a low privilege user to move this temp directory to another location during suite setup installation and create a Symbolic Junction (pointing to windows system files) with the same folder name.
After the installation, the suite setup process deletes the temp folders along with the Directory Junction and its target contents (including Windows system files). This may affect the Windows operating system initialization once the system is rebooted and may result in Denial of Service (DOS).
Fix Version and Resolution
This issue has been fixed in InstallShield 2023 R2 release. You can download the release from your Product and License Center (PLC) or from 'Update Product' option within InstallShield IDE.
Note: You must have a community login with PLC access or the old product installed to download the InstallShield 2023 R2 release.
