CVE-2024-29188
CVSS 3.1 Score 7.9 of 10 (high)
Details
Summary
CVE-2024-29188 is a vulnerability affecting the WiX toolset, a software used to create installers for the Windows Installer engine. The issue lies in the `RemoveFolderEx` custom action, which can be manipulated by a standard user to delete protected directories. This is achieved by creating a directory junction in a specified per-user folder that points to a protected per-machine directory. When the per-machine installer is executed with administrative privileges, Windows Installer deletes the target of the directory junction, resulting in the unintended deletion of the protected directory. This vulnerability has been addressed in WiX toolset versions 3.14.1 and 4.0.5.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.