CVE-2022-24618

HIGH

Heimdal Premium Security <2.5.395 - Privilege Escalation

Title source: llm

Description

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

References (2)

[Not Applicable] http://heimdal.com

[Release Notes, Vendor Advisory] https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-281

Status published

Products (1)

heimdalsecurity/heimdal_premium_security < 2.5.398

Published Mar 10, 2022

Tracked Since Feb 18, 2026