Unrated severityNVD Advisory· Published Jun 4, 2008· Updated Apr 23, 2026

CVE-2008-2547

Description

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.

Affected products

Microsoft/Windows Installer3 versions
cpe:2.3:a:microsoft:windows_installer:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:windows_installer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_installer:3.1.4000.1823:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_installer:4.5.6001.22159:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000