2 matches found
CVE-2020-3979
InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...
CVE-2020-3979
InstallBuilder for Qt Windows prior to 20.7.0 is vulnerable: installers load plugins from a predictable location writable by non-admin users, enabling potential library planting and code execution with the installer's security scope. A fix is available in version 20.7.0; apply the update to mitig...