Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2024-3310: Privilege Escalation Vulnerability During MSI Repair

CVE-2024-3310: Privilege Escalation Vulnerability During MSI Repair


A vulnerability has been reported in the Basic MSI and InstallScript MSI (64-bit) Setups if configured with the options below:

  1. The project has Folder and Registry Permissions configured using 'Locked-Down Permissions' option set to 'Custom InstallShield handling'
  2. The Self-register option is configured with 'InstallShield Self-Registration table (ISSelfReg)'

Note: All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue. 

This article provides details about this potential vulnerability and the remediation steps available. 


There is known issue with Windows installer repair that allows a standard user to run MSI repair operations (performed by deferred CA) in NT AUTHORITY\SYSTEM context without requiring administrator credentials. This exploitable nature of MSI repair can present a potential security risk if the file operations from the deferred custom actions are not properly protected from standard user access.

If custom handling option is configured, InstallShield extracts an executable named ISBEW64.exe to the writable TEMP folder, which is used to perform additional tasks like setting file and registry permissions and self-registration of COM servers. This misconfiguration of extracting an executable file to a writable folder along with the MSI repair exploitable behavior could potentially lead to a local privilege escalation by replacing ISBEW64.EXE with a malicious one.


The following workaround options are available to remediate this issue: 

  1. Set 'Locked-Down Permissions' option to 'Traditional Windows Installer handling' or,
  2. Choose 'Windows Installer Self-Registration table (SelfReg)' option

Click the links above for more information about each option.

Fix Version and Resolution

A hotfix for InstallShield 2023 R2 is available for download here: InstallShield MSI Repair-Privilege Escalation using Custom Handling Hotfix

Additional Information

Thank you to Kravets Vasiliy for identifying this issue and disclosing it to Revenera.

Labels (2)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Apr 10, 2024 01:03 PM
Updated by: