PT-2022-20893 · Unknown · Installbuilder
Marius Gabriel Mihai · Published 2022-11-18 · Updated 2025-04-29 · CVE-2022-31694
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
InstallBuilder Qt installers versions prior to 22.10
Description
The issue allows an attacker to potentially execute code with the privileges of the installer by planting a malicious DLL in the installer parent directory. This can happen when the installer displays popups and attempts to load DLLs from the parent directory. Exploitation generally requires an attacker to have access to a vulnerable machine to plant the malicious DLL.
Recommendations
For versions prior to 22.10, update to version 22.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer parent directory to minimize the risk of exploitation.
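The workaround above can be checked before an affected installer is run. The following PowerShell audit is an added example, not code from the advisory or the vendor; it assumes "installer parent directory" means the folder holding the installer executable, and `$InstallerPath` is a hypothetical parameter name.

```powershell
# Added example (not vendor code): audit the folder an installer is launched from.
param(
    [Parameter(Mandatory)]
    [string] $InstallerPath   # hypothetical, e.g. C:\Staging\setup.exe
)

# Assumption: "installer parent directory" = the folder that holds the installer.
$dir = (Get-Item -LiteralPath $InstallerPath).Directory.FullName

# 1. Any DLL beside the installer is a candidate for being loaded by it.
Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -Force | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Finding = 'DLL beside installer'
        Subject = $_.FullName
        Detail  = "signature=$($sig.Status); modified=$($_.LastWriteTime.ToString('s'))"
    }
}

# 2. Allow ACEs that let anyone other than SYSTEM/Administrators create files here.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544'
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

(Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $createFiles) -ne 0) -and
    (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
    $_.IdentityReference.Value -notin $trustedSids
} | ForEach-Object {
    $rule = $_   # keep the ACE; inside catch, $_ becomes the error record
    $name = try {
        $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $rule.IdentityReference.Value   # unresolvable SID: report it raw
    }
    [pscustomobject]@{
        Finding = 'Non-admin principal can create files'
        Subject = $name
        Detail  = "rights=$($rule.FileSystemRights); inherited=$($rule.IsInherited)"
    }
}
```

Each output row is either a DLL already present beside the installer or a principal that could place one there; a staging folder writable only by administrators produces no rows from the second check.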
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Installbuilder