CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Link	Resource
http://caphyon.com	Product
https://gerr.re/posts/cve-2022-27438/	Exploit Third Party Advisory
http://advanced.com	Product
https://www.advancedinstaller.com/security-updates-auto-updater.html	Patch Vendor Advisory

Configuration 1

cpe:2.3:a:caphyon:advanced_installer:*:*:*:*:*:*:*:* cpe:2.3:a:realdefense:mypasslock:1.9.6:*:*:*:*:*:*:* cpe:2.3:a:realdefense:mycleanpc:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:realdefense:mycleanid:4.1.4:*:*:*:*:*:*:* cpe:2.3:a:prusa3d:prusaslicer:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:plagiarismcheckerx:plagiarism_checker_x:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:vigem:vigembus_driver:1.16.116:*:*:*:*:*:*:* cpe:2.3:a:nefarius:scptoolkit:1.6.238.16010:*:*:*:*:*:*:* cpe:2.3:a:moonsoftware:password_agent:20.10.1:*:*:*:*:*:*:* cpe:2.3:a:getmailbird:mailbird:2.9.50.0:*:*:*:*:*:*:* cpe:2.3:a:krylack:burning_suite:1.20.05:*:*:*:*:*:*:* cpe:2.3:a:krylack:rar_password_recovery:3.70.69:*:*:*:*:*:*:* cpe:2.3:a:krylack:volume_serial_number_editor:2.02.34:*:*:*:*:*:*:* cpe:2.3:a:krylack:zip_password_recovery:3.70.69:*:*:*:*:*:*:* cpe:2.3:a:krylack:asterisks_password_decryptor:3.31.107:*:*:*:*:*:*:* cpe:2.3:a:krylack:archive_password_recovery:3.70.69:*:*:*:*:*:*:* cpe:2.3:a:jpsoft:take_command:28.2.18:*:*:*:*:*:*:* cpe:2.3:a:jki:vi_package_manager:21.1.2754:*:*:*:*:*:*:* cpe:2.3:a:honeygain:honeygain:0.10.7.0:*:*:*:*:windows:*:* cpe:2.3:a:guzogo:guzogo:1.0.5.0:*:*:*:*:*:*:* cpe:2.3:a:gamecaster:gamecaster:4.0.2109.2802:*:*:*:*:*:*:* cpe:2.3:a:gainedge:better_explorer:2020.3.15.1304:*:*:*:*:*:*:* cpe:2.3:a:fxsound:fxsound:1.1.12.0:*:*:*:*:*:*:* cpe:2.3:a:freesnippingtool:free_snipping_tool:5.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:flamory:flamory:4.2.19.0:*:*:*:*:*:*:* cpe:2.3:a:emeditor:emeditor:21.3.0:*:*:*:*:*:*:* cpe:2.3:a:codesector:direct_folders:4.0:*:*:*:*:*:*:* cpe:2.3:a:boom:boomtv_streamer_portal:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:codesector:teracopy:3.8.5:*:*:*:*:*:*:* cpe:2.3:a:3cx:crm_template_generator:2.1.23:*:*:*:*:*:*:* cpe:2.3:a:3cx:call_flow_designer:18.2.13:*:*:*:*:*:*:* cpe:2.3:a:vpnhood:vpnhood:2.4.299:*:*:*:*:windows:*:* cpe:2.3:a:vrdesktop:virtual_desktop_streamer:1.20.16:*:*:*:*:*:*:* cpe:2.3:a:urban-vpn:urban_vpn:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:xsplit:xsplit_express_video_editor:3.0.2001.801:*:*:*:*:*:*:* cpe:2.3:a:rovio:bad_piggies:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:rovio:angry_birds_space:1.4.1:*:*:*:*:*:*:* cpe:2.3:o:rstinstruments:rstar_rtu_host:1.33.0:*:*:*:*:*:*:* cpe:2.3:a:rstinstruments:ipi_utility:1.05.0:*:*:*:*:*:*:* cpe:2.3:a:rstinstruments:inclinalysis_digital_inclinometer:2.48.9:*:*:*:*:*:*:*

---

Published : 2022-06-06 11:15

Updated : 2022-10-19 12:51

---

NVD link : CVE-2022-27438

Mitre link : CVE-2022-27438

3cx

Crm Template Generator

CWE-494

Download of Code Without Integrity Check