Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Vulnerability Description
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
WiX Toolset 代码问题漏洞
Vulnerability Description
WiX Toolset是.NET开源的一个代码库。 WiX Toolset 4 到 4.0.4、 3.14.0之前版本存在代码问题漏洞,该漏洞源于.be TEMP 文件夹容易受到 DLL 重定向攻击,允许攻击者提升权限。
CVSS Information
N/A
Vulnerability Type
N/A