CVE-2022-27438

HIGH Year: 2022
CVSS v3 Score
8.1
High
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-494
View all →

Vulnerability Description

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Related Vulnerabilities

CVE-2008-3324

HIGH
CVSS:8.1(High)

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd...

CWE-4942008

CVE-2008-3438

HIGH
CVSS:8.1(High)

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS ...

CWE-4942008

CVE-2016-6564

HIGH
CVSS:8.1(High)

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binar...

CWE-4942016

CVE-2018-13012

HIGH
CVSS:8.1(High)

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before...

CWE-4942018

CVE-2019-10240

HIGH
CVSS:8.1(High)

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by...

CWE-4942019

CVE-2019-10248

HIGH
CVSS:8.1(High)

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM...

CWE-4942019