CVE-2016-4560 - Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges

CVE-2016-4560

Summary

Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

References

Vulnerable Configurations

cpe:2.3:a:flexerasoftware:installanywhere:-:*:*:*:*:*:*:*
cpe:2.3:a:flexerasoftware:installanywhere:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 28-11-2016 - 20:18)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	90979
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21984949 http://www-01.ibm.com/support/docview.wss?uid=swg21985483 https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
sectrack	1036478

Last major update

28-11-2016 - 20:18

Published

02-07-2016 - 14:59

Last modified

28-11-2016 - 20:18