Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
References
Link | Resource |
---|---|
http://heimdal.com | Not Applicable |
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-03-10 17:46
Updated : 2024-02-28 19:09
NVD link : CVE-2022-24618
Mitre link : CVE-2022-24618
CVE.ORG link : CVE-2022-24618
JSON object : View
Products Affected
heimdalsecurity
- heimdal_premium_security
CWE
CWE-281
Improper Preservation of Permissions