WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
References
Link | Resource |
---|---|
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 20:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 - Vendor Advisory | |
First Time |
Firegiant
Firegiant wix Toolset |
|
CPE | cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
07 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 03:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-24810
Mitre link : CVE-2024-24810
CVE.ORG link : CVE-2024-24810
JSON object : View
Products Affected
firegiant
- wix_toolset
CWE
CWE-426
Untrusted Search Path