Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-29188

Good to know:

icon

Date: March 24, 2024

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.

Language: C++

Severity Score

Related Resources (5)

https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a
https://nvd.nist.gov/vuln/detail/CVE-2024-29188
https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg
https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742
https://www.mend.io/vulnerability-database/CVE-2024-29188

Severity Score

Weakness Type (CWE)

Link Following

CWE-59

Top Fix

icon

Upgrade Version

Upgrade to version v4.0.5,wix3141rtm

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us