Loading
search-img
Title
CVE-2024-3310: Privilege Escalation Vulnerability During MSI Repair

Summary

A vulnerability has been reported in the Basic MSI and InstallScript MSI (64-bit) Setups if configured with the options below:

  1. The project has Folder and Registry Permissions configured using 'Locked-Down Permissions' option set to 'Custom InstallShield handling'
  2. The Self-register option is configured with 'InstallShield Self-Registration table (ISSelfReg)'

Note: All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue. 

This article provides details about this potential vulnerability and the remediation steps available. 

Description

There is known issue with Windows installer repair that allows a standard user to run MSI repair operations (performed by deferred CA) in NT AUTHORITY\SYSTEM context without requiring administrator credentials. This exploitable nature of MSI repair can present a potential security risk if the file operations from the deferred custom actions are not properly protected from standard user access.

If custom handling option is configured, InstallShield extracts an executable named ISBEW64.exe to the writable TEMP folder, which is used to perform additional tasks like setting file and registry permissions and self-registration of COM servers. This misconfiguration of extracting an executable file to a writable folder along with the MSI repair exploitable behavior could potentially lead to a local privilege escalation by replacing ISBEW64.EXE with a malicious one.

Workaround

The following workaround options are available to remediate this issue: 

  1. Set 'Locked-Down Permissions' option to 'Traditional Windows Installer handling' or,
  2. Choose 'Windows Installer Self-Registration table (SelfReg)' option

Click the links above for more information about each option.

Fix Version and Resolution

A hotfix for InstallShield 2023 R2 is available for download here: InstallShield MSI Repair-Privilege Escalation using Custom Handling Hotfix

Additional Information

Thank you to Kravets Vasiliy for identifying this issue and disclosing it to Revenera.

Was this helpful?
Support Hub
Create a case with Support
0/255
Upload Attachment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to cancel the case creation?

Are you sure you want to close this case

Get Hotline support
Products Region Phone Numbers
FlexNet Operations
FlexNet Embedded
FlexNet Publisher
FlexNet Connect
FlexNet Code Insight
InstallAnywhere
InstallShield 		North America  * +1 630-332-2513 (toll)
+1 877-279-2853 (toll-free in North America)
Europe  * +44 1925 944367 (toll)
+44 800 047 8642 (toll-free in Europe)
Japan  * +81 3-4540-5335 (select option 2)
Australia  * +61 3 9895 2177
+61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics)
Compliance Intelligence 		Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.
Book an Appointment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)
+1.800.374.4353
CONTACT US REVENERA.COM FLEXERA.com
© 2026 Flexera Software. All Rights Reserved.
Privacy policy Terms and conditions Flexera Community Contact Us
Loading
CVE-2024-3310: Privilege Escalation Vulnerability During MSI Repair