CVE-2022-24618

Published: Mar 10, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

Affected (1)

Products: Heimdalsecurity: Heimdal Premium Security

Heimdalsecurity

1 product

Heimdal Premium Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Heimdalsecurity Heimdal Premium Security	Before 2.5.398

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

http://heimdal.com

Source: cve@mitre.org

Not Applicable

https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC

Source: cve@mitre.org

Release NotesVendor Advisory

http://heimdal.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.