CVE-2008-2547

Name of the Vulnerable Software and Affected Versions Microsoft Windows Installer versions 3.1.4000.1823 through 4.5.6001.22159

Description A stack-based buffer overflow issue exists, allowing context-dependent attackers to execute arbitrary code via a long GUID value for the /x (also known as /uninstall) option. This issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.

Recommendations For Microsoft Windows Installer versions 3.1.4000.1823 through 4.5.6001.22159, consider restricting access to msiexec.exe to minimize the risk of exploitation, especially when reachable via components like ActiveX controls. At the moment, there is no information about a newer version that contains a fix for this vulnerability.