CVE-2020-3979
N/A
N/A
Summary
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware InstallBuilder | All InstallBuilder for Qt versions prior to version 20.7.0 | affected |
Weaknesses
- Uncontrolled Search Path Element
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.