CVE-2022-24618

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
Configurations

Configuration 1 (hide)

cpe:2.3:a:heimdalsecurity:heimdal_premium_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
References () http://heimdal.com - Not Applicable () http://heimdal.com - Not Applicable
References () https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC - Release Notes, Vendor Advisory () https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC - Release Notes, Vendor Advisory

Information

Published : 2022-03-10 17:46

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24618

Mitre link : CVE-2022-24618

CVE.ORG link : CVE-2022-24618


JSON object : View

Products Affected

heimdalsecurity

  • heimdal_premium_security
CWE
CWE-281

Improper Preservation of Permissions