CVE-2024-29187

Source
https://cve.org/CVERecord?id=CVE-2024-29187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-29187
Aliases
Published
2024-03-24T19:38:38.140Z
Modified
2026-07-15T01:49:17.441068287Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
WiX based installers are vulnerable to binary hijack when run as SYSTEM
Details

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

Database specific
{
    "cwe_ids": [
        "CWE-732"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29187.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "3.14.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/wixtoolset/wix

Affected ranges

Type
GIT
Repo
https://github.com/wixtoolset/wix
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.5"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}
Type
GIT
Repo
https://github.com/wixtoolset/wix3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
Other
wix3101rtm
wix3102rtm
wix310rtm
wix311rtm
wix314rtm
wix38rtm
wix39rtm

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29187.json"