CVE-2024-29188 | WiX Toolset up to 3.14.0/4.0.4 on Windows Uninstallation RemoveFolderEx link following (GHSA-jx4p-m4wm-vvjg)

Posted by Angelo Barbosa | Mar 25, 2024 | CVE

A vulnerability was found in WiX Toolset up to 3.14.0/4.0.4 on Windows and classified as critical. This issue affects the function RemoveFolderEx of the component Uninstallation Handler. The manipulation leads to link following.

The identification of this vulnerability is CVE-2024-29188. An attack has to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-29188 | WiX Toolset up to 3.14.0/4.0.4 on Windows Uninstallation RemoveFolderEx link following (GHSA-jx4p-m4wm-vvjg)

Related Posts

CVE-2023-6735 | Checkmk up to 2.0.0p38/2.1.0p36/2.2.0p16 mk_tsm Agent Plugin input validation

CVE-2023-45779 | Google Android Local Privilege Escalation

CVE-2024-24840 | Element Pack Elementor Addons Plugin up to 5.4.11 on WordPress bdt_duplicate_as_draft authorization

CVE-2024-0432 | Gestpay for WooCommerce Plugin up to 20221130 on WordPress ajax_delete_card cross-site request forgery