8 matches found
CVE-2024-29188
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
Privilege Escalation
wixtoolset.util.wixext and wix are vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of directory operations within the RemoveFolderEx function, which allows a standard users to delete protected directories by exploiting directory junctions...
GHSA-JX4P-M4WM-VVJG Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...
CVE-2024-29188
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
CVE-2024-29188
CVE-2024-29188 affects WiX Toolset. The RemoveFolderEx action could be abused by a per-user folder link (directory junction) in a per-machine installer to cause deletion of protected directories during Windows Installer processing. This could allow a standard user to delete protected directories ...
CVE-2024-29188 Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
PT-2024-4137 · Unknown · Wix Toolset
Name of the Vulnerable Software and Affected Versions: WiX Toolset versions prior to 3.14.1 WiX Toolset versions prior to 4.0.5 Description: The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire...