PT-2022-16765 · Heimdal · Heimdal Premium Security

Published

2022-03-09

Updated

2022-03-16

CVE-2022-24618

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Heimdal Premium Security versions 2.5.395 and earlier

Description The issue concerns insecure permissions in the Heimdal.Wizard.exe installer. This allows unprivileged local users to elevate privileges to SYSTEM. The exploitation is possible via the "Browse For Folder" window, which can be accessed by triggering a "Repair" on the MSI package located in C:WindowsInstaller.

Recommendations For Heimdal Premium Security versions 2.5.395 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2022-24618

Affected Products

Heimdal Premium Security

PT-2022-16765 · Heimdal · Heimdal Premium Security

CVE-2022-24618

Weakness Enumeration

Related Identifiers

Affected Products

References · 4