VYPR
High severityNVD Advisory· Published Feb 7, 2024· Updated Aug 1, 2024

WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges

CVE-2024-24810

Description

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
wixNuGet
>= 4.0.0, < 4.0.44.0.4
wixNuGet
< 3.14.03.14.0

Affected products

2
  • ghsa-coords
    Range: >= 4.0.0, < 4.0.4
  • wixtoolset/issuesv5
    Range: <= 4.0.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.