CVE-2024-14012
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-10-30
Assigner: Flexera Software LLC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| revenera | installshield | 2023_r1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential privilege escalation issue in Revenera InstallShield version 2023 R1 when running a renamed Setup.exe on Windows. If a local administrator executes the renamed Setup.exe, the MPR.dll may be loaded from an insecure location, which can lead to privilege escalation.
How can this vulnerability impact me? :
The vulnerability can allow a local administrator to escalate privileges by causing the system to load a malicious MPR.dll from an insecure location when running a renamed Setup.exe. This could lead to unauthorized elevated access and potentially compromise system security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Revenera InstallShield to version 2023 R2 or later. Avoid running a renamed Setup.exe as a local administrator until the update is applied.