High severity7.8NVD Advisory· Published Feb 24, 2016· Updated May 6, 2026

CVE-2016-2542

Description

Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

Affected products

Flexera/Installshield3 versions
cpe:2.3:a:flexera:installshield:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:flexera:installshield:*:*:*:*:*:*:*:*range: <2015
- cpe:2.3:a:flexera:installshield:2015:-:*:*:*:*:*:*
- cpe:2.3:a:flexera:installshield:2015:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/84213nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035097nvdThird Party AdvisoryVDB Entry
flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-IssuesnvdTechnical DescriptionThird Party Advisory
www.tenable.com/security/tns-2019-08nvdThird Party Advisory
us-cert.cisa.gov/ics/advisories/icsa-20-287-03nvd
www.oracle.com/security-alerts/cpuApr2021.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000