Windows Installer Provider Security Considerations

The Windows Installer Provider allows remote installation of a user specified Installer Package or a Microsoft Windows Installer package file. Improper or unauthorized use of this provider could result in remote execution of code, leaking of high privileged credentials, compromise or damage to the remote or local server. MPF Developers and Administrators should take special care when using or exposing this API through higher level namespaces or user interfaces. Here are a few key considerations:

For more general content about input sources and effective data validation for MPS, see Input Validation and Protection against Injection Attacks.