Summary

An issue has been identified with the Suite installer’s uninstall process unintentionally deleting target files and folders associated with a symbolic link.

Description

The InstallShield update utility doesn't verify and removes potential symbolic link targets within a user writeable configuration directory on uninstall. This can result in a Denial of Service if e.g., an uninstall is triggered by an administrative user where the uninstaller accesses a configuration directory containing a specially crafted symbolic link.

The preliminary CVSS for this issue: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H (5.6 score)

Resolution

A hotfix to address this issue is available for download from the Product and License Center. The hotfix will be available for the supported versions of InstallShield, which at the time this article is publish, includes InstallShield 2025 R1, InstallShield 2024 R2, and InstallShield 2023 R2.