CVE-2024-29187

WiX based installers are vulnerable to binary hijack when run as SYSTEM

CVSS 7.3 HIGHEPSS 0.5%CWE-732

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 mar 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

wixtoolset · issues

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9 https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7