CVE-2016-2542

Reference Links

• http://www.securityfocus.com/bid/84213
• http://www.securitytracker.com/id/1035097
• https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues
• https://us-cert.cisa.gov/ics/advisories/icsa-20-287-03
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.tenable.com/security/tns-2019-08
• https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 (Advisory)
• https://www.cisa.gov/news-events/ics-advisories/icsa-20-287-03 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-22-326-01
• ICSA-20-287-03

Frequently Asked Questions

• What is the severity of CVE-2016-2542?

  CVE-2016-2542 is considered a high severity vulnerability due to its potential for privilege escalation.

• How do I fix CVE-2016-2542?

  To fix CVE-2016-2542, ensure that the setup-launcher executable is executed in a secure directory free from untrusted DLL files.

• Who is affected by CVE-2016-2542?

  CVE-2016-2542 affects users of Flexera InstallShield through 2015 SP1 and various products that integrate InstallShield, including AVEVA Edge 2020 R2 and prior versions.

• What are the consequences of exploiting CVE-2016-2542?

  Exploitation of CVE-2016-2542 can lead to local users gaining elevated privileges on the affected system.

• Is there a workaround for CVE-2016-2542?

  A possible workaround for CVE-2016-2542 is to implement strict folder permission settings to prevent unauthorized access to the current working directory.