Vulnerability in WiX toolset could allow attackers to bypass protection of sensitive directories
CVE-2024-29188

7.8HIGH

Key Information:

Vendor: Wixtoolset
Status: Issues
Vendor: CVE Published:; 24 March 2024

What is CVE-2024-29188?

The WiX Toolset allows developers to create Windows Installer packages, but a vulnerability exists in the RemoveFolderEx functionality. This issue can enable unauthorized deletion of protected directories by standard users if proper safeguards are not implemented. Specifically, an attacker can exploit this flaw by creating a directory junction in a per-user folder that points to a protected directory within the per-machine context. When the Windows Installer executes a per-machine installer, it bypasses user permissions and may delete crucial system directories, potentially harming system integrity and exposing the system to further risks. Mitigating this issue is essential for maintaining secure installation practices, and the vulnerability has been addressed in versions 3.14.1 and 4.0.5 of the WiX Toolset.

Affected Version(s)

issues < 3.14.1 < 3.14.1

issues >= 4.0.0, < 4.0.5 < 4.0.0, 4.0.5

References

https://github.com/wixtoolset/issues/security/advisories/...

x_refsource_CONFIRM

https://github.com/wixtoolset/wix/commit/2e5960b575881567...

x_refsource_MISC

https://github.com/wixtoolset/wix3/commit/93eeb5f68357766...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2024
Vulnerability Reserved
Mar 18, 2024

Wixtoolset

What is CVE-2024-29188?

Affected Version(s)

References

CVSS V3.1

Timeline