CVE-2024-24810

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24810

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24810.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24810

Aliases

GHSA-7wh2-wxc7-9ph5

Published

2024-02-07T02:39:35Z

Modified

2025-10-13T04:35:11Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges

Details

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

References

https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5

Affected packages

Git / github.com/wixtoolset/wix

Affected ranges

Type: GIT
Repo: https://github.com/wixtoolset/wix
Events: Introduced

8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4

Fixed

a85929822f9932fcb938a8f260555e2476040298