Vulnerability Details CVE-2016-4560
Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21984949
- http://www-01.ibm.com/support/docview.wss?uid=swg21985483
- http://www.securityfocus.com/bid/90979
- http://www.securitytracker.com/id/1036478
- https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
- http://www-01.ibm.com/support/docview.wss?uid=swg21984949
- http://www-01.ibm.com/support/docview.wss?uid=swg21985483
- http://www.securityfocus.com/bid/90979
- http://www.securitytracker.com/id/1036478
- https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
Products affected by CVE-2016-4560
-
cpe:2.3:a:flexerasoftware:installanywhere:-