InstallBuilder
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22037 | 0.00 | — | 0.00 | Oct 29, 2021 | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller… | |||
| CVE-2021-22038 | 0.00 | — | 0.01 | Oct 29, 2021 | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to… | |||
| CVE-2020-3946 | 0.00 | — | 0.01 | Apr 20, 2020 | InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). |
- CVE-2021-22037Oct 29, 2021risk 0.00cvss —epss 0.00
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller…
- CVE-2021-22038Oct 29, 2021risk 0.00cvss —epss 0.01
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to…
- CVE-2020-3946Apr 20, 2020risk 0.00cvss —epss 0.01
InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).