CVE-2020-3979

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.

CVSS v3 7.8 HIGH
CVSS v2.0 4.4 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://blog.installbuilder.com/2020/08/updates-and-bug-fixes-with-version-2070.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:installbuilder:installbuilder:*:*:*:*:*:qt:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-18 18:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-3979

Mitre link : CVE-2020-3979

CVE.ORG link : CVE-2020-3979

JSON object : View

Products Affected

installbuilder

installbuilder

microsoft

windows

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2020-3979", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-09-18T18:15:17.440", "references": [{"url": "https://blog.installbuilder.com/2020/08/updates-and-bug-fixes-with-version-2070.html", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer."}, {"lang": "es", "value": "Los instaladores de InstallBuilder para Qt Windows (versiones anteriores a 20.7.0) buscan plugins en una ubicaci\u00f3n predecible en el momento de la inicializaci\u00f3n, escribibles por usuarios no administradores. Si bien esos plugins no son requeridos, son cargados si est\u00e1n presentes, lo que podr\u00eda permitir a un atacante plantar una biblioteca maliciosa que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo con el alcance de seguridad del instalador"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:installbuilder:installbuilder:*:*:*:*:*:qt:*:*", "vulnerable": true, "matchCriteriaId": "EB6A3790-8E9B-4788-9DCA-FC939E18ADA8", "versionEndExcluding": "20.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@vmware.com"}