CVE-2024-29188

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...

The vulnerability of the RemoveFolderEx function in the WiX Toolset for creating installation packages on Windows operating systems allows a malicious actor to delete any files they desire.

The vulnerability of the RemoveFolderEx function in the WiX Toolset for creating installation packages on Windows operating systems is related to incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability could allow an attacker to delete any files they desire...

Privilege Escalation

wixtoolset.util.wixext and wix are vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of directory operations within the RemoveFolderEx function, which allows a standard users to delete protected directories by exploiting directory junctions...

GHSA-JX4P-M4WM-VVJG Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...

Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...

CVE-2024-29188

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...

CVE-2024-29188 Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...

CVE-2024-29188

CVE-2024-29188 affects WiX Toolset. The RemoveFolderEx action could be abused by a per-user folder link (directory junction) in a per-machine installer to cause deletion of protected directories during Windows Installer processing. This could allow a standard user to delete protected directories ...

PT-2024-4137 · Unknown · Wix Toolset

Name of the Vulnerable Software and Affected Versions: WiX Toolset versions prior to 3.14.1 WiX Toolset versions prior to 4.0.5 Description: The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire...