CVE-2024-29188 — HIGH (7.9)

Vulnerability Description

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVSS Score

7.9

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2024-29188?

CVE-2024-29188 is a vulnerability with a CVSS score of 7.9 (HIGH). WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delet...

How severe is CVE-2024-29188?

CVE-2024-29188 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-29188?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.