5 matches found
GHSA-RF39-3F98-XR7R WiX based installers are vulnerable to binary hijack when run as SYSTEM
Summary Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users. Details When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...
Wix Toolset < 3.14 / 4.x < 4.0.4 Privilege Escalation
The version of Wix Toolset installed on the remote host is prior to 3.14.0 or 4.x prior to 4.0.4. It is, therefore, affected by a privilege escalation vulnerability. The .be TEMP folder is vulnerable to DLL redirection attacks that allow an unauthenticated, local attacker to escalate privileges...
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
GHSA-8V28-3G86-CHJ5 PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...