Summary

Setups built out of InstallShield use zlib version 1.2.11 which has a known vulnerability CVE-2018-25032 which is resolved in zlib version 1.2.12. Please note that the vulnerability can't be exploited when using installers built of InstallShield. The library can be exploited only during 'deflating' (compressing) process. zlib is not used for compressing when installers are run. However, we are providing a hotfix as a pre-emptive measure to ensure that installers pass through security scans without any issues

Affected InstallShield Versions

This vulnerability affects InstallShield 2021 and below

Resolution

Engineering has released a hotfix that resolves this issue by updating the old Zlib version 1.2.11 to 1.2.12

Hotfix Links

InstallShield 2021 R2: Download Hotfix

InstallShield 2020 R3 SP1: Download Hotfix

InstallShield 2019 R3: Download Hotfix

InstallShield 2018 and below: Customers are encouraged to upgrade to InstallShield 2019 or above