CVERadar

CVE-2024-29187

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00069/1

CVE-2024-29187 is a privilege escalation vulnerability in the WiX toolset. The flaw allows standard users to potentially hijack binaries and gain elevated privileges. When a WiX bundle runs as the SYSTEM user, it uses an insecure temporary directory (C:\Windows\Temp) to store and load multiple binary files. With an SVRS score of 30, the urgency is moderate, but the issue should still be addressed. The vulnerability, classified as CWE-732, can be exploited by malicious users to gain SYSTEM-level access. The risk associated with CVE-2024-29187 is significant because successful exploitation allows an attacker to bypass security restrictions. Upgrade to WiX toolset version 3.14.1 or 4.0.5 to mitigate this security risk. The fact that it is tagged as "In The Wild" means active exploitation is possible.

In The Wild
2024-03-24

2024-03-25
SOCRadar AI Insight

Description:

CVE-2024-29187 is a privilege escalation vulnerability in the WiX toolset, which allows standard users to elevate their privileges to SYSTEM level. This is due to the insecure use of GetTempPathW, which points to an insecure directory where binaries are dropped and loaded.

Key Insights:

  • SVRS Score: 46, indicating a moderate risk.
  • Exploit Status: Active exploits have been published.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • In the Wild: The vulnerability is actively exploited by hackers.

Mitigation Strategies:

  • Update to WiX toolset version 3.14.1 or 4.0.5.
  • Restrict access to the insecure directory (C:\Windows\Temp).
  • Implement least privilege principles to limit the impact of potential exploits.
  • Monitor for suspicious activity and implement intrusion detection systems.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-29187 | WiX Toolset up to 3.14.0/4.0.4 on Windows Installer C:\Windows\Temp permission assignment
vuldb.com, 2025-04-13
A vulnerability was found in WiX Toolset up to 3.14.0/4.0.4 on Windows. It has been declared as critical. This vulnerability affects unknown code of the file C:\Windows\Temp of the component Installer. The manipulation leads to incorrect permission assignment. This vulnerability was named

The June 2024 Security Update Review
Dustin Childs, zerodayinitiative.com, 2024-06-11
Somehow, we’ve made it to the sixth patch Tuesday of 2024, and Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for June 2024. For June, Adobe released

Microsoft Patch Tuesday June 2024, (Tue, Jun 11th)
2024-06-11
Microsoft's June 2024 update fixes a total of 58 vulnerabilities. 7 of these vulnerabilities are associated with Chromium and Microsoft's Brave browser. Only one vulnerability is rated critical. One of the vulnerabilities had been disclosed before today.
apt42
sans.edu

Patch Tuesday - June 2024
Adam Barnett, rapid7.com, 2024-06-11
MSMQ RCE again. Office malicious file RCEs. SharePoint RCE. DNSSEC NSEC3 DoS. It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is

Social Media

#Microsoft June 2024 #PatchTuesday Addresses 49 #CVEs, 1 Critical and 48 Important. Includes CVE-2023-50868 issued by #MITRE and CVE-2024-29187 issued by #GitHub. #Tenable #Research #ExposureManagement https://t.co/hi2Pnnv2wl https://t.co/YH4GBAQOh8

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r |
| [email protected] | https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7 |
| [email protected] | https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9 |
| GITHUB | https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
