The WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as the SYSTEM user, Burn (the WiX bundle engine) calls GetTempPathW, which resolves to the insecure directory C:\Windows\Temp, and uses that directory to drop and load multiple binaries. A standard user can hijack one of these binaries before the application loads it, resulting in elevation of privileges. This vulnerability is fixed in versions 3.14.1 and 4.0.5.
{
"cwe_ids": [
"CWE-732"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29187.json",
"cna_assigner": "GitHub_M"
}[
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CoreInitialize",
"file": "src/burn/engine/core.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-16b2d26f",
"digest": {
"length": 4307.0,
"function_hash": "223621071977632368660516478838536570040"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CopyEngineToWorkingFolder",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-1f872115",
"digest": {
"length": 1102.0,
"function_hash": "47259525711348041565902279177697607383"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/cache.h"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-366d9dbc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160909976873952733855399776313397378327",
"200377720884205141905924073579025551166",
"251270509786953627404786752566553715116",
"320371291959197716465198928447437586718",
"265717895713321994776298517746111854283",
"266289963753848091130790912631745352413",
"227424402785390197468141460753708934770",
"118310879372117008312515400609083061956",
"131880705745306466459626946500895569574",
"38282797751965911918611996801405581254",
"208612850393710901817352691868279631974",
"10604737475925603835265373456310385093",
"11741083759650538040206898721688882144"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/userexperience.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-38a0850e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"79561429554931100307390049803652193843",
"331545621934180822898520714188806351859",
"36423555912110565040174149143142737922",
"69744607253668419934621098747298612524",
"278138078050736414879637710315915415612",
"278517603974526672066095163766414715720",
"226984553317089780071209102788780338934",
"54593958975188589205139192651096087055"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CacheBundleToWorkingDirectory",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-3f3666a6",
"digest": {
"length": 595.0,
"function_hash": "258876850588292266865721126203142149277"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CoreApply",
"file": "src/burn/engine/core.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-4f73dae8",
"digest": {
"length": 4980.0,
"function_hash": "137138100560226288196091951053998630349"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CoreElevate",
"file": "src/burn/engine/core.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-5b1bdc82",
"digest": {
"length": 1003.0,
"function_hash": "213014224726596342492081341128951750146"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "RunUntrusted",
"file": "src/burn/engine/engine.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-6afd27b8",
"digest": {
"length": 1686.0,
"function_hash": "305090836655556377709316903685877376713"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/core.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-769ea481",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293395306276739820564354894154344670567",
"152291969398428971739984642307280915632",
"325321494717040487028288499606860753741",
"285120787877555415107500523328938125105",
"204043414084620827388399629717940145433",
"296403017690569788985016362740016650120",
"222646865889213947659293600571952510358",
"282965404936409877207109029035427600477",
"33476432649661989085636732035915899152",
"207522977561278543638874227017081715245",
"217993845492322872452387145528406999329",
"191327978891015290308455821460193778266",
"33476432649661989085636732035915899152",
"207522977561278543638874227017081715245",
"303634260364474415050288179951477845096",
"61616709028955683953107593453281395703",
"88098028249329871307136386936790342464",
"193576580616128725157738036571038761716"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CacheBundleToCleanRoom",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-909fbf04",
"digest": {
"length": 466.0,
"function_hash": "228863230524790962931287604365884148671"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-977ce564",
"digest": {
"threshold": 0.9,
"line_hashes": [
"92361452980478391833467789973203263251",
"104410552516329220196951313521950417910",
"271421257650582771222996444079416102547",
"247735855135873838013832283579039668057",
"180088132813687252819820774745096982361",
"75493973492205224611862447361451998048",
"284539301096309036256229236843142837543",
"216099941096355696427697727134664308345",
"221071374673634211929369738274246553713",
"215411060842456594509119392171988302339",
"294028912305438395013017692273767143554",
"315317128671316752106227457162659693595",
"11051479469699333359591765414863630457",
"174143299866324669726980388368049190270",
"201233766611044237634046477485556896624",
"145448508017239669150295686905824661462",
"224546677125086284175989068358295860417",
"235193790997454716956934502145722936307",
"161331324156963907077794137443935316479",
"327843383641867464237645903452593646054",
"311688413865614337654273853963149591864",
"184701777212136730029350719784988950968",
"167464637048890891968897617724332910556",
"197910388031761192073918166539582479377",
"142806433991214383279228975413725704089",
"173665914152033757493436170648614631105",
"177462226281143723591035959188814301776",
"8661771659325225762056297484101370061",
"329115855130663400251195592150092289640",
"248111609458064066647730921355102903003",
"147455454989687467992179155179877944879",
"94097680480269277432841660531209304958",
"82100890890006887779398910280022772600",
"8038144547134594828385152195432198059",
"145744178783613847093770175687822514689",
"211885586876078341398193133565687888289",
"185405925372956297731295617210509151889",
"128777598472438658369448896970016362",
"212534946683479022224242205801550924199",
"99587626251400202345708453835229040880",
"147999993036720932738294299138422776864",
"118870294659819266072309676548872674581",
"259289176950576499527997656177642494216",
"247735855135873838013832283579039668057",
"333078071578934003420237731380776481727",
"78066357820842974752215557154592152190",
"176938715743761155522554813563044998427",
"40162553409241963608386044071193033616"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/userexperience.h"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-9d515489",
"digest": {
"threshold": 0.9,
"line_hashes": [
"26619429402343242488294107604485858299",
"322238232617212868858817387995042127148",
"27720323766029319923637636163358778666",
"100081493242300807808546312778603421280"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "CacheEnsureBaseWorkingFolder",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-b4846976",
"digest": {
"length": 965.0,
"function_hash": "44566117595778143836416886006006033376"
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/dtf/SfxCA/SfxUtil.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-c4f061da",
"digest": {
"threshold": 0.9,
"line_hashes": [
"138589889034004959039074746965733431920",
"273065920128931785481456685477379759514",
"129607533145724539058686077071746692073",
"317292233388770139879966992489409492436",
"102712174499057577731811194477877228603",
"267983879099650328771382981579685742224",
"157967919419245382688841572820636511310",
"28440616103203930052877429125661649562",
"184403827264819081966150908372591108756",
"90175340336907662144533283231485920508",
"101449018367219547422254586881881347096",
"41046908756230793908048463967803047034",
"325588912788884522433752980139559079447",
"49904420592163523352071421917943530292",
"120197086023904526953049263198608791169",
"102468877046887708400931546074182583772",
"239185778793067184476737222272633119397",
"89538580196826601574895443744031317540",
"165027847616683430756979982528083720153",
"197832502559384664452165375141411170982",
"222236864401085711569713096652102956163",
"320983739930650470374147308301825142980",
"102712174499057577731811194477877228603",
"267983879099650328771382981579685742224",
"157967919419245382688841572820636511310",
"220215490724665153225539209662046994562",
"259868909851597477234414609725023570825",
"194083100080872542790834742333867488077",
"336929106343985600487748577303597601133",
"24546103449677322501142294989544838931",
"339075520764722545416452966268108166962"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"file": "src/burn/engine/engine.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-db4eff26",
"digest": {
"threshold": 0.9,
"line_hashes": [
"64969508214235412555116346031980112216",
"221826481445747528860164177207180229754",
"166924693749724103301396717251294666565",
"180964304486779404834248256526620751190"
]
}
},
{
"source": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7",
"target": {
"function": "UserExperienceEnsureWorkingFolder",
"file": "src/burn/engine/userexperience.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-ef97bde5",
"digest": {
"length": 488.0,
"function_hash": "147433966425699218455145877271287371434"
}
}
]
[
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheCalculateContainerWorkingPath",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-19181fee",
"digest": {
"length": 338.0,
"function_hash": "270231578976514179393961950993284800784"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CalculateWorkingFolder",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-28493861",
"digest": {
"length": 1485.0,
"function_hash": "340266194615075083893627448409834563310"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheCleanup",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-2a13d12e",
"digest": {
"length": 1158.0,
"function_hash": "332750566491367916361833748385377497222"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheCalculatePayloadWorkingPath",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-2b1f9d34",
"digest": {
"length": 333.0,
"function_hash": "185142950193333352027476575934727011891"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheEnsureWorkingFolder",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-48d653e8",
"digest": {
"length": 461.0,
"function_hash": "106842496315161641130615712639559684240"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"file": "src/DTF/Tools/SfxCA/SfxUtil.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-5b50564b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"138589889034004959039074746965733431920",
"273065920128931785481456685477379759514",
"129607533145724539058686077071746692073",
"317292233388770139879966992489409492436",
"102712174499057577731811194477877228603",
"267983879099650328771382981579685742224",
"157967919419245382688841572820636511310",
"28440616103203930052877429125661649562",
"184403827264819081966150908372591108756",
"90175340336907662144533283231485920508",
"101449018367219547422254586881881347096",
"41046908756230793908048463967803047034",
"325588912788884522433752980139559079447",
"49904420592163523352071421917943530292",
"120197086023904526953049263198608791169",
"102468877046887708400931546074182583772",
"239185778793067184476737222272633119397",
"89538580196826601574895443744031317540",
"165027847616683430756979982528083720153",
"197832502559384664452165375141411170982",
"222236864401085711569713096652102956163",
"320983739930650470374147308301825142980",
"102712174499057577731811194477877228603",
"267983879099650328771382981579685742224",
"157967919419245382688841572820636511310",
"220215490724665153225539209662046994562",
"259868909851597477234414609725023570825",
"194083100080872542790834742333867488077",
"336929106343985600487748577303597601133",
"24546103449677322501142294989544838931",
"339075520764722545416452966268108166962"
]
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheCalculateBundleWorkingPath",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-984a8383",
"digest": {
"length": 572.0,
"function_hash": "156234240360662120608397870394371312834"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheCalculateBundleLayoutWorkingPath",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-c070c775",
"digest": {
"length": 355.0,
"function_hash": "137612245589009464393310386287694153942"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"function": "CacheRemoveWorkingFolder",
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-c13b5db7",
"digest": {
"length": 410.0,
"function_hash": "199569106291625633375771738223018603571"
}
},
{
"source": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9",
"target": {
"file": "src/burn/engine/cache.cpp"
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-29187-f712a8b2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"164255742290017238417711471762983890565",
"127728712685024599802650030028166986695",
"273250483954565673446641875869575769097",
"41123299308946586214242069929671370269",
"247095852997400704743747906697144086840",
"318253861481343172132476513837321717377",
"271791965300873548218341948701903330780",
"8163861472952234337444166035548684645",
"330341900701394964365409741852927591894",
"112415343987694710893569467088770415632",
"213206154218534295201810684806545242143",
"97379755978491413606773106794253293192",
"237709672462439285619953806937804219302",
"63163109689680760277999856663467061236",
"90932146169497333412019539166954192130",
"281352325300975834464872852402057314788",
"210058560100590456995183491149286422361",
"166513799590850014089302330196164379732",
"191579976828952752756918443230300974081",
"193146114186714359436023536194546124509",
"21446840742175423309218516461758147343",
"122619636070531742514266353536915542411",
"160345906484544352683587302559211328754",
"276008026482134045995090164492766004562",
"153033855361402224690716526199105010232",
"235750600937670266955525708131335682398",
"145998651080637305529676735309063635467",
"288590767127137518618013173078283347251",
"216249474051330328724508814228290435655",
"328391675846361139701672872509623479510",
"207887283475275714781354623379181885805",
"322144317953293969917095791552844288592",
"292559383270608884650435907809563882771",
"328391675846361139701672872509623479510",
"42609025956244180705454846749189479197",
"305317396569660590466983123491580465509",
"241453969043996552930871261122100662223",
"328016761004683299905635348420561181345",
"57947453359256929303581380841157983220",
"265647526227669191260509224507027126541",
"201479780005736552697620102235294454108",
"99609503360704438619629429179243809336",
"146943685578380988358392120405994263736",
"106419991848522315797604434467696188392",
"330496094919543478512394165563182492916",
"1156020371330748918627038731648909807",
"172213510352363116167246353154111426381",
"176460785106268590063084460011866549962",
"1837944023439606777183573196870230631",
"259539890258483849342756855199036934419",
"111520082106540940033750295715925728298",
"213809543140442373679686840059882303736",
"13236277284379097590567196087451195729",
"39644097336697635946215032601961408869",
"315324335040578687941172074883699615657",
"58769741659950321576784486829083835351"
]
}
}
]