High severityNVD Advisory· Published Feb 7, 2024· Updated Aug 1, 2024
WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
CVE-2024-24810
Description
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wixNuGet | >= 4.0.0, < 4.0.4 | 4.0.4 |
wixNuGet | < 3.14.0 | 3.14.0 |
Affected products
2- wixtoolset/issuesv5Range: <= 4.0.3
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-7wh2-wxc7-9ph5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-24810ghsaADVISORY
- github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5ghsax_refsource_CONFIRMWEB
- github.com/wixtoolset/wix/commit/fec38b6461d0551339139a2fe52403a61942adc0ghsaWEB
News mentions
0No linked articles in our index yet.