PT-2023-15939 · Caphyon · Caphyon Advanced Installer
Heechan Kim
+1
·
Published
2023-09-30
·
Updated
2024-05-17
·
CVE-2022-4956
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Caphyon Advanced Installer version 19.7
Description
A critical vulnerability has been found in the WinSxS DLL Handler component of Caphyon Advanced Installer. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public.
Recommendations
For Caphyon Advanced Installer version 19.7, upgrade to version 19.7.1 to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider restricting access to the WinSxS DLL Handler until the update is applied.
Exploit
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Caphyon Advanced Installer