Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WiX based installers are vulnerable to binary hijack when run as SYSTEM
Vulnerability Description
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
WiX Toolset 安全漏洞
Vulnerability Description
WiX Toolset是.NET开源的一个代码库。 WiX Toolset存在安全漏洞,该漏洞源于标准用户可以在二进制文件加载到应用程序之前劫持该二进制文件,从而导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A