PT-2021-12598 · Bosch · Bosch Video Recording Manager

Published: 2021-03-25 · Updated: 2021-03-25 · CVE-2020-6786

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bosch Video Recording Manager versions 3.71 and older; Bosch Video Recording Manager versions 3.81 up to and including 3.81.0064; Bosch Video Recording Manager versions 3.82 up to and including 3.82.0055
Description: The issue allows an attacker to execute arbitrary code on a victim's system by loading a DLL through an uncontrolled search path element in the Bosch Video Recording Manager installer. This can happen if the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.
Recommendations: For versions 3.71 and older, update to a version newer than 3.71 to mitigate the risk. For versions 3.81 up to and including 3.81.0064, update to a version newer than 3.81.0064 to mitigate the risk. For versions 3.82 up to and including 3.82.0055, update to a version newer than 3.82.0055 to mitigate the risk. As a temporary workaround, consider restricting the execution of arbitrary code by the installer until a patch is available.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2020-6786

Affected Products

Bosch Video Recording Manager