Back to search
CVE-2008-2547
Published: Jun 4, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080603 RE: Windows Installer msiexec GUID Buffer Overflow
mailing-list
x_refsource_BUGTRAQ
win-msiexec-bo(42887)
vdb-entry
x_refsource_XF
20080603 Re: Windows Installer msiexec GUID Buffer Overflow
mailing-list
x_refsource_BUGTRAQ
http://www.aushack.com/200806-msiexec.txt
x_refsource_MISC
20080603 Windows Installer msiexec GUID Buffer Overflow
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now