InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
[
{
"product": "VMware InstallBuilder",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All InstallBuilder for Qt versions prior to version 20.7.0"
}
]
}
]