CVE-2024-24810

EPSS 0.05%
Veröffentlicht 07.02.2024 03:15:50
Zuletzt bearbeitet 21.11.2024 08:59:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Firegiant ≫ Wix Toolset Version < 3.14.0

Firegiant ≫ Wix Toolset Version >= 4.0.0 < 4.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.151

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24810

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24810

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24810

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-24810