PT-2021-4980 · Vmware · Vmware Installbuilder

Published: 2021-10-19 · Updated: 2021-11-03 · CVE-2021-22038

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

VMware InstallBuilder versions (affected versions not specified)

Description

The issue is related to the use of insufficiently random values in the uninstaller binary of VMware InstallBuilder for Windows. When the uninstaller is executed, it copies itself to a fixed temporary location, which can be exploited by an attacker to gain Administrator privileges. This is possible because the temporary location is not randomized and does not restrict access to Administrators only, allowing a potential attacker to replace the copied binary with a malicious one. The vulnerability only affects Windows installers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
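For developers who write their own self-copying installers or uninstallers, the weak staging pattern from the description is shown here beside a hardened one. This is an added example, not InstallBuilder code: the file names and function names are constructed, and POSIX owner-only permissions stand in for the Administrators-only ACL that the description says was missing on Windows.

```python
import hashlib
import os
import shutil
import tempfile

FIXED_NAME = "uninstall_stage.bin"  # constructed name, not InstallBuilder's real path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def stage_fixed(src, tmp_root):
    """Weak pattern: the same guessable path every run, in a shared directory."""
    dst = os.path.join(tmp_root, FIXED_NAME)
    shutil.copyfile(src, dst)  # silently overwrites whatever is already there
    return dst


def stage_hardened(src, tmp_root=None):
    """Copy into a fresh private directory with an unpredictable name."""
    # mkdtemp picks a random name and creates the directory owner-only (0700).
    private_dir = tempfile.mkdtemp(prefix="stage-", dir=tmp_root)
    dst = os.path.join(private_dir, os.path.basename(src))
    # O_EXCL makes creation fail if anything already exists at dst.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    # Refuse to hand back a copy that does not match the original.
    if sha256_of(dst) != sha256_of(src):
        shutil.rmtree(private_dir, ignore_errors=True)
        raise RuntimeError("staged copy does not match source")
    return dst


def demo():
    """Run both patterns twice on a constructed sample file and compare."""
    root = tempfile.mkdtemp()
    src = os.path.join(root, "uninstall.bin")
    with open(src, "wb") as f:
        f.write(b"constructed sample payload")
    fixed = [stage_fixed(src, root) for _ in range(2)]
    hard = [stage_hardened(src, root) for _ in range(2)]
    mode = os.stat(os.path.dirname(hard[0])).st_mode & 0o777
    return fixed[0] == fixed[1], hard[0] != hard[1], mode
```

`demo()` returns whether the fixed path repeated across runs, whether the hardened paths differed, and the permission bits of the private directory.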

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

BDU:2021-05740
CVE-2021-22038

Affected Products

Vmware Installbuilder