CVE-2024-29188

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29188

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29188.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29188

Aliases

GHSA-jx4p-m4wm-vvjg

Published

2024-03-24T19:46:25Z

Modified

2025-10-14T14:34:34Z

Severity

7.9 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H CVSS Calculator

Summary

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

Details

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed RemoveFolderEx to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.

References

Affected packages

Git / github.com/wixtoolset/wix

Affected ranges

Type: GIT
Repo: https://github.com/wixtoolset/wix
Events: Introduced

8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4

Fixed

b9b2f1b4c69a1b509d487dc950b30b4ec9b0d040

Database specific

{
    "unresolved_versions": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "3.14.1"
                }
            ],
            "type": ""
        }
    ]
}