8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.7%
wix is vulnerable to DLL Redirection Attacks. The vulnerability is due to insufficient security checks in handling the TEMP folder, allowing attackers to escalate privileges by dropping a malicious DLL into a specific directory structure monitored by the burn engine, which when elevated, loads the malicious DLL. This flow allow the attacker to escalate privileges.
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.7%