CVE-2024-29187

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-29187
Aliases
Published
2024-03-24T20:15:08Z
Modified
2024-10-08T04:08:39.120809Z
Summary
[none]
Details

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

References

Affected packages

Git / github.com/wixtoolset/wix

Affected ranges

Type
GIT
Repo
https://github.com/wixtoolset/wix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/wixtoolset/wix3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

wix3101rtm
wix3102rtm
wix3103rtm
wix310rtm
wix311rtm
wix314rtm
wix38rtm
wix39rtm