CVE-2024-24810

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*
cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*

History

14 Feb 2024, 20:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*
References () https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 - () https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 - Vendor Advisory
First Time Firegiant
Firegiant wix Toolset

07 Feb 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) El conjunto de herramientas WiX permite a los desarrolladores crear instaladores para Windows Installer, el motor de instalación de Windows. La carpeta .be TEMP es vulnerable a ataques de redirección de DLL que permiten al atacante escalar privilegios. Esto afecta a cualquier instalador creado con el marco de instalación de WiX. Este problema se solucionó en la versión 4.0.4.

07 Feb 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 03:15

Updated : 2024-02-14 20:12


NVD link : CVE-2024-24810

Mitre link : CVE-2024-24810

CVE.ORG link : CVE-2024-24810


JSON object : View

Products Affected

firegiant

  • wix_toolset
CWE
CWE-426

Untrusted Search Path