CVE-2024-24810

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*
cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*

History

14 Feb 2024, 20:12

Type Values Removed Values Added
References () https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 - () https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 - Vendor Advisory
First Time Firegiant
Firegiant wix Toolset
CPE cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

07 Feb 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 03:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-24810

Mitre link : CVE-2024-24810

CVE.ORG link : CVE-2024-24810


JSON object : View

Products Affected

firegiant

  • wix_toolset
CWE
CWE-426

Untrusted Search Path