CVE-2022-24618
HIGHCVSS v3.1: 7.8 · EPSS: 0.0024 (14.8 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 7.8 v3.1 · NVD
- EPSS
- 0.0024 (14.8 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- No user interaction · Source: NVD Vector
- Affected vendors
- heimdalsecurity
- Published
- 2022-03-10 · Modified: 2026-07-05
- References
- Jump to references (2)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.