CVE-2022-27438

Name of the Vulnerable Software and Affected Versions Caphyon Advanced Installer versions 19.3 and earlier

Description The issue is related to the Advanced Updater function in Caphyon Advanced Installer, which is vulnerable to remote code execution due to the lack of integrity check when handling the CustomDetection binary file with the CustomDetectionParameter. This can be exploited by a remote attacker to execute arbitrary code through a man-in-the-middle attack. The vulnerability can be triggered when an affected installation is started, initiating the update check function.

Recommendations For versions 19.3 and earlier, consider disabling the update check function or restricting access to the CustomDetection parameter until a patch is available. As a temporary workaround, avoid using the CustomDetectionParameter in the update check function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.