CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24618
https://notcve.org/view.php?id=CVE-2022-24618
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer. El instalador Heimdal.Wizard.exe en Heimdal Premium Security versiones 2.5.395 y anteriores, presenta permisos inseguros, lo que permite a usuarios locales no privilegiados elevar los privilegios a SYSTEM por medio de la ventana "Browse For Folder" accesible al desencadenar un "Repair" en el paquete MSI ubicado en C:\Windows\Installer • http://heimdal.com https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5349
https://notcve.org/view.php?id=CVE-2018-5349
A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. • https://improsec.com/blog/heimdal-advisory-1 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5731
https://notcve.org/view.php?id=CVE-2018-5731
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. • https://improsec.com/blog/heimdal-advisory-2 • CWE-20: Improper Input Validation •