CVE-2022-24618
First published: Wed Mar 09 2022(Updated: )
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Heimdalsecurity Heimdal Premium Security | <2.5.398 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-24618?
CVE-2022-24618 is a vulnerability in the Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier versions.
How severe is CVE-2022-24618?
CVE-2022-24618 has a severity score of 7.8, categorized as high.
How can unprivileged local users exploit CVE-2022-24618?
Unprivileged local users can elevate privileges to SYSTEM by triggering a "Repair" on the MSI package in C:\Windows\Installer, accessible through the "Browse For Folder" window in Heimdal.Wizard.exe installer.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/heimdalsecurity
- canonical/heimdalsecurity heimdal premium security