DLL Redirection

PanelSW.Custom.WiX is vulnerable to DLL redirection attacks. The vulnerability is due to insufficient security checks in handling of the TEMP folder, allowing attackers to escalate privileges by dropping a malicious DLL into a specific directory structure monitored by the burn engine, which when...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path due to the improper handling of the .be TEMP folder. An attacker can escalate privileges by monitoring the user's TEMP folder for changes and inserting a malicious DLL into the .be/.Local folder immediately when th...

GHSA-259P-RVJX-FFWG Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges

Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...

PT-2024-40202 · Microsoft · Wix

Name of the Vulnerable Software and Affected Versions: WiX installer framework affected versions not specified Description: The vulnerability allows an attacker to escalate privileges through DLL redirection attacks. When the bundle is not run as admin, the user's TEMP folder is used, and a utili...