CVE-2024-24810

Untrusted Search Path in nuget/WiX

Identifiers

GHSA-7wh2-wxc7-9ph5, CVE-2024-24810

Package Slug

nuget/WiX

Vulnerability

Untrusted Search Path

Description

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

Affected Versions

All versions up to 4.0.3

Solution

Upgrade to version 4.0.4 or above.

Last Modified

2024-02-09

source