CVE-2016-2542

Name of the Vulnerable Software and Affected Versions Flexera InstallShield through 2015 SP1 AVEVA Edge InstallShield (affected versions not specified)

Description The issue is related to an untrusted search path vulnerability that allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. It is also associated with the possibility of substituting a dynamic library, which can allow an attacker to execute arbitrary code or elevate their privileges.

Recommendations For Flexera InstallShield through 2015 SP1: Update to a version later than 2015 SP1 to resolve the issue. For AVEVA Edge InstallShield: At the moment, there is no information about a newer version that contains a fix for this vulnerability.