Vulnerability Details CVE-2022-24618
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2022-24618
-
cpe:2.3:a:heimdalsecurity:heimdal_premium_security:-
-
cpe:2.3:a:heimdalsecurity:heimdal_premium_security:2.5.383
-
cpe:2.3:a:heimdalsecurity:heimdal_premium_security:2.5.385
-
cpe:2.3:a:heimdalsecurity:heimdal_premium_security:2.5.395