GHSA-wq88-fq4x-h2pm: WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

March 25, 2024

Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users.

References

github.com/advisories/GHSA-wq88-fq4x-h2pm
github.com/nirbar/wix3
github.com/nirbar/wix3/commit/99e754bbc717c61f18862aefd98c035f5e2f848d
github.com/nirbar/wix3/security/advisories/GHSA-wq88-fq4x-h2pm

Code Behaviors & Features

Detect and mitigate GHSA-wq88-fq4x-h2pm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →