CVE-2024-24810
Published: 07 February 2024
Summary
CVE-2024-24810 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Firegiant Wix Toolset. Its CVSS base score is 8.2 (High).
Operationally, ranked at the 15.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0564
Vulnerability details
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework.…
more
This issue has been patched in version 4.0.4.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.