Reproducing WiX Toolset Security Vulnerability to Verify Upgrade

[Sandhiya-Sivakumar]

Dear @robmen,

We have recently become aware of a security vulnerability in the WiX Toolset v3.14.0 that we are currently using. Specifically, the vulnerability involves the handling of temporary files by the Burn component, as described here.

So we are in the process of upgrading to WiX v3.14.1, In order to ensure that the upgrade procedure we follow addresses the vulnerability, we are seeking assistance in reproducing the issue ourselves. Unfortunately, the ⁠PoC link provided in the security update is inaccessible to us.

Could you please provide guidance on how we might reproduce or access the PoC? Our intention is to gain a deeper understanding of the vulnerability and check whether the upgrade procedure resolves the vulnerability before implementing in production.

Any assistance or insights into this matter would be greatly appreciated.

Thanks.

[robmen]

It's not just you; the link to the PoC was never accessible. However, we do have additional details that we share privately with FireGiant customers. We will not publicly publish additional details about the vulnerability, for obvious reasons.