MidnightBSD

Advisories for caphyon

CVE-2022-27438 MEDIUM

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,

Products Affected

Vendor Product Version
3cx crm_template_generator 2.1.23
guzogo guzogo 1.0.5.0
rstinstruments dt2050_firmware 1.19.4.0
synaptics displaylink_usb_graphics *
rstinstruments ir420_firmware 1.4.0.2
krylack volume_serial_number_editor 2.02.34
rstinstruments dt2040_firmware 1.19.4.0
urban-vpn urban_vpn 2.2.5
rstinstruments sg350_firmware 1.4.0.2
rstinstruments dt2050b_firmware 1.19.4.0
rstinstruments dtl201b/2b_firmware 1.19.4.0
rstinstruments c109_firmware 1.4.0.2
rstinstruments ic6660_firmware 1.19.4.0
rstinstruments dt2350_firmware 1.19.4.0
rstinstruments rtu_firmware 1.19.4.0
krylack burning_suite 1.20.05
vrdesktop virtual_desktop_streamer 1.20.16
rstinstruments inclinalysis_digital_inclinometer 2.48.9
rstinstruments th2016_firmware 1.4.0.2
krylack asterisks_password_decryptor 3.31.107
rstinstruments rstar_rtu_host 1.33.0
rstinstruments vw2106_firmware -
getmailbird mailbird 2.9.50.0
krylack zip_password_recovery 3.70.69
rstinstruments qb120_firmware 1.4.0.2
caphyon advanced_installer *
codesector teracopy 3.8.5
rstinstruments ipi_utility 1.05.0
rstinstruments dt2055b_firmware 1.19.4.0
realdefense mypasslock 1.9.6
boom boomtv_streamer_portal 2.2.1
vpnhood vpnhood 2.4.299
flamory flamory 4.2.19.0
rstinstruments dt2485_firmware 1.19.4.0
rstinstruments ma7_firmware 1.4.0.2
realdefense mycleanpc 4.0.2
rstinstruments portable_tilt_meter_firmware 1.20.1
honeygain honeygain 0.10.7.0
realdefense mycleanid 4.1.4
xsplit xsplit_express_video_editor 3.0.2001.801
rstinstruments dt4205_firmware 1.19.4.0
rstinstruments dt2011b_firmware 1.19.4.0
3cx call_flow_designer 18.2.13
rstinstruments mems_tilt_meter_firmware 1.20.1
emeditor emeditor 21.3.0
jpsoft take_command 28.2.18
rstinstruments mtcm_firmware 1.19.4.0
rstinstruments th2016b_firmware 1.4.0.2
krylack archive_password_recovery 3.70.69
krylack rar_password_recovery 3.70.69
moonsoftware password_agent 20.10.1
prusa3d prusaslicer 2.4.2
rstinstruments dt2306_firmware 1.19.4.0
rstinstruments ic6560_firmware 1.19.4.0
jki vi_package_manager 21.1.2754
rovio bad_piggies 1.3.0
rstinstruments dt2011_firmware 1.19.4.0
fxsound fxsound 1.1.12.0
rstinstruments gaa2820_firmware 1.19.4.0
gainedge better_explorer 2020.3.15.1304
plagiarismcheckerx plagiarism_checker_x 8.0.6
rstinstruments dtsaa_firmware 1.19.4.0
rstinstruments lp100_firmware 1.4.0.2
codesector direct_folders 4.0
freesnippingtool free_snipping_tool 5.6.0.0
rstinstruments vw0420_firmware 1.33.0
nefarius scptoolkit 1.6.238.16010
rovio angry_birds_space 1.4.1
gamecaster gamecaster 4.0.2109.2802
vigem vigembus_driver 1.16.116
CVE-2022-4956 MEDIUM

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
caphyon advanced_installer 19.7
CVE-2023-25396

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
caphyon advanced_installer *