Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
References
Link | Resource |
---|---|
http://heimdal.com | Not Applicable |
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-09T11:40:59
Updated: 2022-03-09T11:40:59
Reserved: 2022-02-07T00:00:00
Link: CVE-2022-24618
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-10T17:46:23.103
Modified: 2022-03-16T19:13:59.707
Link: CVE-2022-24618
JSON object: View
Redhat Information
No data.
CWE