GHSA-259p-rvjx-ffwg: 
C# vulnerability analysis and mitigation

A high-severity vulnerability (GHSA-259p-rvjx-ffwg, CVE-2024-24810) was discovered in PanelSW.Custom.WiX (NuGet) affecting versions below 3.15.0-a44. The vulnerability involves the .be TEMP folder being susceptible to DLL redirection attacks, potentially allowing attackers to escalate privileges. This security issue was published and reviewed on February 8, 2024, impacting installers built with the WiX installer framework (GitHub Advisory).

The vulnerability occurs when the bundle is executed without administrative privileges, causing it to use the user's TEMP folder instead of the system TEMP folder. The issue has a CVSS v3.1 score of 8.3 (High), with the following characteristics: Local attack vector, Low attack complexity, Low privileges required, Required user interaction, Changed scope, and High impact on confidentiality, integrity, and availability. The vulnerability is tracked as CWE-426 (GitHub Advisory).

The vulnerability allows attackers to exploit DLL redirection using the .exe.Local Windows capability, affecting any installer built with the WiX installer framework. When successfully exploited, the attack can lead to privilege escalation when the burn engine elevates, granting the malicious DLL elevated privileges (GitHub Advisory).

The vulnerability has been patched in version 3.15.0-a44 of PanelSW.Custom.WiX. Users are advised to upgrade to this version or later to mitigate the security risk (GitHub Advisory).