[wix-users] CVE Score for DLL Hijack that 3.11.1 fixes?

Rob Mensching rob at firegiant.com
Thu Feb 1 09:35:39 PST 2018


> Does this exist in a database such as cve.mitre.org or NVD?

No. It was not filed there.

_____________________________________________________________
 Short replies here. Complete answers over there: http://www.firegiant.com/

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of John Ludlow via wix-users
Sent: Thursday, February 1, 2018 9:09 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: John Ludlow <john.ludlow.uk at gmail.com>
Subject: [wix-users] CVE Score for DLL Hijack that 3.11.1 fixes?

 Hi,

We are currently using WiX 3.11, and are evaluating whether we want to upgrade to WiX 3.11.1 in our next release (which is in its final stages) or stay on 3.11 until early in our next release.

Obviously the main talking point is this vulnerability and its fix:
https://github.com/wixtoolset/issues/issues/5184/

One piece of evidence that would help is the CVSS/CVE scores for this vulnerability. Does this exist in a database such as cve.mitre.org or NVD?

If not then we would still update but it's more likely that we would do that early next release.

Thanks

John

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/



More information about the wix-users mailing list