PT-2018-4841 · Microsoft · Wix Toolset

Published

2018-06-04

·

Updated

2020-06-17

·

CVE-2016-10663

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

wixtoolset (affected versions not specified)

Description

The wixtoolset package downloads binary resources over unencrypted HTTP, which exposes the download to man-in-the-middle (MITM) attacks. An attacker in a privileged network position (on the same network segment as the user, or anywhere on the path between the user and the download server) can intercept the response and replace the requested executable with one under their control. Because the downloaded binary is then run, this can lead to remote code execution (RCE) on the host performing the installation.

Recommendations

Avoid using the wixtoolset package if possible and switch to a different package instead. If it must be used, do not install it while connected to a public or otherwise untrusted network. Treat this only as a temporary, partial workaround: it narrows the set of attackers who can reach the connection, but an attacker positioned anywhere on the route between the client and the download server could still substitute the binary, since plain HTTP provides neither confidentiality nor integrity for the response.

Fix

No fixed version is listed.

Weakness Enumeration

Missing Encryption of Sensitive Data (CWE-311)

Related Identifiers

CVE-2016-10663
GHSA-CR8H-X88H-JWJ2

Affected Products

Wix Toolset