CVE-2020-3979
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
SSVC
- Decision: -
Timeline
- 2019-12-30 CVE Reserved
- 2020-09-18 CVE Published
- 2023-08-25 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
References (1)
URL | Date | SRC |
---|---|---|
https://blog.installbuilder.com/2020/08/updates-and-bug-fixes-with-version-2070.html | 2021-07-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Installbuilder | Installbuilder | < 20.7.0 | qt | Affected |
in Microsoft | Windows | - | - | Safe |