PT-2024-4138 · Unknown · Wix Toolset
Credit: Knaceri (+1)
Published: 2024-03-24 · Updated: 2025-09-03
CVE-2024-29187
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WiX Toolset versions prior to 3.14.1
WiX Toolset versions prior to 4.0.5

Description
The WiX Toolset calls the GetTempPathW function to choose the directory into which it drops, and later loads, several binaries. When a bundle runs as the SYSTEM user, that directory is C:\Windows\Temp, which is insecure: built-in (non-administrator) users hold special permissions on this folder and can create and write files in it. A standard user can therefore replace a binary before the bundle loads it, resulting in elevation of privilege.

Recommendations
For WiX Toolset versions prior to 3.14.1, update to version 3.14.1 or later to fix the vulnerability. For WiX Toolset versions prior to 4.0.5, update to version 4.0.5 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the C:\Windows\Temp directory to minimize the risk of exploitation.
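The workaround above depends on knowing whether low-privilege principals can actually drop files into C:\Windows\Temp on a given host. The following PowerShell script is an added example, not part of this advisory or of the WiX project: it reads the directory's ACL and reports every Allow entry that grants file-creation or write rights to Users, Authenticated Users, Everyone or INTERACTIVE (matched by SID so the check is locale-independent). The list of "low-privilege" SIDs and the write-rights mask are the author's assumptions; the script only reads, it changes nothing.

```powershell
# Added example (not from the advisory or the WiX project): report whether
# non-administrator principals can create files in the SYSTEM temp directory,
# the precondition CVE-2024-29187 relies on. Read-only audit; no ACL changes.

$TempDir = Join-Path $env:SystemRoot 'Temp'   # normally C:\Windows\Temp

# Assumed set of low-privilege principals, compared by well-known SID.
$LowPrivSids = @(
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-1-0',       # Everyone
    'S-1-5-4'        # NT AUTHORITY\INTERACTIVE
)

# Rights that allow dropping a file into the directory. Specific rights from
# FileSystemRights plus the generic bits that inherit-only ACEs often carry.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor   # 0x1 (also WriteData)
             [int][System.Security.AccessControl.FileSystemRights]::AppendData  -bor   # 0x4 (also CreateDirectories)
             [int][System.Security.AccessControl.FileSystemRights]::Modify      -bor
             [int][System.Security.AccessControl.FileSystemRights]::FullControl -bor
             0x40000000 -bor                                                         # GENERIC_WRITE
             0x10000000                                                              # GENERIC_ALL

$acl = Get-Acl -Path $TempDir

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }

    # Resolve the account name to a SID; skip entries that cannot be translated.
    try {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }
    if ($LowPrivSids -notcontains $sid) { continue }

    # Cast to int so undefined generic bits survive the comparison.
    $rights = [int]$ace.FileSystemRights
    if (($rights -band $WriteMask) -eq 0) { continue }

    [pscustomobject]@{
        Identity    = $ace.IdentityReference.Value
        Sid         = $sid
        Rights      = $ace.FileSystemRights
        Inheritance = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
    }
}

if ($findings) {
    Write-Output "Low-privilege principals can write into $TempDir (hijack precondition present):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No low-privilege write access found on $TempDir."
}
```

On a default Windows installation the script is expected to flag BUILTIN\Users, which is exactly the condition the advisory describes. Tightening that ACL is the temporary workaround named above and can break other software that relies on the default permissions, so treat the script's output as a prioritisation signal for rolling out the fixed WiX Toolset versions rather than as a substitute for them.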

Exploit

Fix

Weakness Enumeration
Incorrect Permission

Related Identifiers
BDU:2024-04608
CVE-2024-29187
GHSA-RF39-3F98-XR7R

Affected Products

Wix Toolset