Windows Installer
by Microsoft
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-23276 | Hig | 0.51 | 7.8 | 0.00 | Aug 2, 2025 | NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering. | ||
| CVE-2016-7292 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2016 | The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain… | ||
| CVE-2018-8339 | Hig | 0.46 | 7.0 | 0.01 | Aug 15, 2018 | An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows… | ||
| CVE-2018-0868 | Hig | 0.46 | 7.0 | 0.01 | Mar 14, 2018 | Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability… | ||
| CVE-2021-41379 | 0.18 | — | 0.20 | KEV | Nov 10, 2021 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2020-0683 | 0.18 | — | 0.08 | KEV | Feb 11, 2020 | An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. | ||
| CVE-2021-43883 | 0.01 | — | 0.12 | Dec 15, 2021 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2021-26415 | 0.01 | — | 0.04 | Apr 13, 2021 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2008-2547 | 0.01 | — | 0.08 | Jun 4, 2008 | Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if… | |||
| CVE-2026-23656 | 0.00 | — | 0.00 | Mar 10, 2026 | Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-62571 | 0.00 | — | 0.00 | Dec 9, 2025 | Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-21331 | 0.00 | — | 0.01 | Jan 14, 2025 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2025-21275 | 0.00 | — | 0.01 | Jan 14, 2025 | Windows App Package Installer Elevation of Privilege Vulnerability | |||
| CVE-2024-21436 | 0.00 | — | 0.01 | Mar 12, 2024 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2023-36705 | 0.00 | — | 0.01 | Nov 14, 2023 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2023-32053 | 0.00 | — | 0.00 | Jul 11, 2023 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2023-32050 | 0.00 | — | 0.00 | Jul 11, 2023 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2023-32016 | 0.00 | — | 0.01 | Jun 13, 2023 | Windows Installer Information Disclosure Vulnerability | |||
| CVE-2023-24904 | 0.00 | — | 0.01 | May 9, 2023 | Windows Installer Elevation of Privilege Vulnerability | |||
| CVE-2023-21800 | 0.00 | — | 0.01 | Feb 14, 2023 | Windows Installer Elevation of Privilege Vulnerability |
- risk 0.51cvss 7.8epss 0.00
NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering.
- risk 0.51cvss 7.8epss 0.01
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows…
- risk 0.46cvss 7.0epss 0.01
Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability…
- risk 0.18cvss —epss 0.20
Windows Installer Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.08
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
- CVE-2021-43883Dec 15, 2021risk 0.01cvss —epss 0.12
Windows Installer Elevation of Privilege Vulnerability
- CVE-2021-26415Apr 13, 2021risk 0.01cvss —epss 0.04
Windows Installer Elevation of Privilege Vulnerability
- CVE-2008-2547Jun 4, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if…
- CVE-2026-23656Mar 10, 2026risk 0.00cvss —epss 0.00
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-62571Dec 9, 2025risk 0.00cvss —epss 0.00
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2025-21331Jan 14, 2025risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- CVE-2025-21275Jan 14, 2025risk 0.00cvss —epss 0.01
Windows App Package Installer Elevation of Privilege Vulnerability
- CVE-2024-21436Mar 12, 2024risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-36705Nov 14, 2023risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-32053Jul 11, 2023risk 0.00cvss —epss 0.00
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-32050Jul 11, 2023risk 0.00cvss —epss 0.00
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-32016Jun 13, 2023risk 0.00cvss —epss 0.01
Windows Installer Information Disclosure Vulnerability
- CVE-2023-24904May 9, 2023risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-21800Feb 14, 2023risk 0.00cvss —epss 0.01
Windows Installer Elevation of Privilege Vulnerability
Page 1 of 3