Remote Code Execution Vulnerability in Advanced Installer's Update Check Function

Remote Code Execution Vulnerability in Advanced Installer's Update Check Function

CVE-2022-27438 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Learn more about our User Device Pen Test.