Jump to content

This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.

Security Hotfix for InstallShield and AdminStudio

No replies to this topic

Stefan Krueger

Stefan Krueger


  • Administrators
  • 13,269 posts

Posted 14 November 2011 - 11:28

Flexera Software published a security hotfix for their InstallShield and AdminStudio product lines.

The hotfix is available for the following product versions:
  • InstallShield 2009
  • InstallShield 2010
  • InstallShield 2011
  • InstallShield Limited Editions
  • AdminStudio 9.0
  • AdminStudio 9.5
  • AdminStudio 10.0
  • AdminStudio Limited Editions

Newer versions (e.g. InstallShield 2012) are not affected.

The knowledge base article doesn't say anything about older versions of InstallShield and AdminStudio, most of which are end of life and no longer supported. Only AdminStudio versions 8.0, 8.5 and 8.6 are still supported until March 1st, 2012. It's currently unclear if these versions are affected by the security problem and if there will be a hotfix. (Flexera Software's end of life policy can be found at http://www.flexeraso...nd-of-life.htm)

I didn't find technical details about the vulnerability, but Tippingpoint lists advisory ZDI-CAN-1192 which is yet unpublishedand may or may not be related to this hotfix. This advisory has a CVSS severity rating of 10, because the vulnerability can be exploited over the network, the complexity of the attack is low, and no authentication is required.

The security hotfix is not offered automatically via the update manager. Instead you have to download it from Knowledge Base article Q201079.