CVE-2022-24618
HIGHHeimdal Premium Security <2.5.395 - Privilege Escalation
Title source: llmDescription
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
References (2)
Core 2
Core References
Not Applicable x_refsource_misc
http://heimdal.com
Release Notes, Vendor Advisory x_refsource_misc
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-281
Status
published
Products (1)
heimdalsecurity/heimdal_premium_security
< 2.5.398
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026