Wixtoolset Issues vulnerabilities
3 known vulnerabilities affecting wixtoolset/issues.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2024-29188HIGHCVSS 7.9fixed in 3.14.1v>= 4.0.0, < 4.0.52024-03-24
CVE-2024-29188 [HIGH] CWE-59 CVE-2024-29188: WiX toolset lets developers create installers for Windows Installer, the Windows installation engine
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirecto
nvd
CVE-2024-29187HIGHCVSS 7.3fixed in 3.14.1v>= 4.0.0, < 4.0.52024-03-24
CVE-2024-29187 [HIGH] CWE-732 CVE-2024-29187: WiX toolset lets developers create installers for Windows Installer, the Windows installation engine
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of pr
nvd
CVE-2024-24810HIGHCVSS 7.8≤ 4.0.32024-02-07
CVE-2024-24810 [HIGH] CWE-426 CVE-2024-24810: WiX toolset lets developers create installers for Windows Installer, the Windows installation engine
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
nvd