CVE-2021-22037

Name of the Vulnerable Software and Affected Versions InstallBuilder (affected versions not specified)

Description The issue is related to the use of the reg.exe system command by InstallBuilder when manipulating the Windows registry. Since the full path to the command is not enforced, it leads to a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.