EUVD-2019-0277

Malware in sbrugna...

wixtoolset downloads Resources over HTTP

Affected versions of wixtoolset insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-CR8H-X88H-JWJ2 wixtoolset downloads Resources over HTTP

Affected versions of wixtoolset insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

wixtoolset Remote Code Execution Vulnerability

wixtoolset is a set of tools for building installers for Windows applications. A security vulnerability exists in wixtoolset that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...

Man-in-the-Middle (MitM)

wixtoolset is vulnerable to man-in-the-middle MitM attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution RCE b...

CVE-2016-10663

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

CVE-2016-10663

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

Remote code execution

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

CVE-2016-10663

CVE-2016-10663 affects wixtoolset (Node wrapper around wixtoolset binaries): it downloads binary resources over HTTP, enabling MITM modification of the requested file and potentially remote code execution. Descriptions across multiple sources confirm the root cause is unencrypted HTTP downloads t...

CVE-2016-10663

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

Downloads Resources over HTTP

Overview Affected versions of wixtoolset insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...