Vulnerabilities > CVE-2022-24618 - Improper Preservation of Permissions vulnerability in Heimdalsecurity Heimdal Premium Security

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

heimdalsecurity

CWE-281

NVD

Published: 2022-03-10

Updated: 2022-03-16

Summary

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

Vulnerable Configurations

Part	Description	Count
Application	Heimdalsecurity Heimdalsecurity Heimdal Premium Security *	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

http://heimdal.com
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC