Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the Browse For Folder window accessible by triggering a Repair on the MSI package located in C:WindowsInstaller.
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Heimdal_premium_security | Heimdalsecurity | * | 2.5.398 (excluding) |