CVE-2022-24618

high

Description

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

References

https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC

http://heimdal.com

Details

Source: Mitre, NVD

Published: 2022-03-10

Updated: 2026-07-05

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00074