InstallBuilder
Products
3- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31694 | 0.00 | — | 0.00 | Nov 18, 2022 | InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the… | |||
| CVE-2021-22037 | 0.00 | — | 0.00 | Oct 29, 2021 | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller… | |||
| CVE-2021-22038 | 0.00 | — | 0.01 | Oct 29, 2021 | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to… | |||
| CVE-2020-3979 | 0.00 | — | 0.00 | Sep 18, 2020 | InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a… | |||
| CVE-2020-3946 | 0.00 | — | 0.01 | Apr 20, 2020 | InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). |
- CVE-2022-31694Nov 18, 2022risk 0.00cvss —epss 0.00
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the…
- CVE-2021-22037Oct 29, 2021risk 0.00cvss —epss 0.00
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller…
- CVE-2021-22038Oct 29, 2021risk 0.00cvss —epss 0.01
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to…
- CVE-2020-3979Sep 18, 2020risk 0.00cvss —epss 0.00
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a…
- CVE-2020-3946Apr 20, 2020risk 0.00cvss —epss 0.01
InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).