CVE-2024-24810

EUVD-2024-0564
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
firegiantwix_toolset
𝑥
< 3.14.0
firegiantwix_toolset
4.0.0 ≤
𝑥
< 4.0.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
firegiantwix_toolset
𝑥
< 3.14.0
ADP
firegiantwix_toolset
4.0.0 ≤
𝑥
< 4.0.4
ADP
Common Weakness Enumeration
References
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5