Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
References
Link | Resource |
---|---|
http://heimdal.com | Not Applicable |
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC | Release Notes Vendor Advisory |
http://heimdal.com | Not Applicable |
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://heimdal.com - Not Applicable | |
References | () https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC - Release Notes, Vendor Advisory |
Information
Published : 2022-03-10 17:46
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24618
Mitre link : CVE-2022-24618
CVE.ORG link : CVE-2022-24618
JSON object : View
Products Affected
heimdalsecurity
- heimdal_premium_security
CWE
CWE-281
Improper Preservation of Permissions