CVE-2020-3979

HIGH

Installbuilder < 20.7.0 - Uncontrolled Search Path

Title source: rule

Description

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.

References (1)

[Vendor Advisory] https://blog.installbuilder.com/2020/08/updates-and-bug-fixes-with-version-2070.html

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

installbuilder/installbuilder < 20.7.0

Timeline

Published Sep 18, 2020

Tracked Since Feb 18, 2026