CVE-2024-24810

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
GitHub_MCNA
8.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
firegiantwix_toolset
𝑥
< 3.14.0
firegiantwix_toolset
4.0.0 ≤
𝑥
< 4.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5