PDA

View Full Version : Cybersecurity threat in Installshield



megha_3781
10-19-2018, 01:37 AM
We have been using Installshield since 10 years. We have BASIC MSI projects.
Recently we did Binary scan for our Installshield generated executables as part of cybersecurity compliance.

For all those projects we are getting ZLib 1.2.3 version vulnerability.
1.2.8 and below has this vulnerability.
1.2.11 doesn't have this issue and this should be referred.

https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/version_id-214474/GNU-Zlib-1.2.8.html

Please see the above link.
We made a test setup with no files. Even that showed the same result in scan.
We tried in Installshield 2013, 2015, 2018.

Why Installshield is still referring to ZLib 1.2.3?

Is there any workaround or patch to fix this issue?