3 matches found
CVE-2021-22037
CVE-2021-22037 affects Windows installers produced with InstallBuilder. The issue arises when manipulating the Windows registry: InstallBuilder invokes reg.exe but does not enforce the absolute path, allowing search-path hijacking to substitute a malicious reg.exe. This path interception could ca...
CVE-2021-22038
CVE-2021-22038 affects Windows InstallBuilder installers. The uninstaller copies itself to a fixed, non-random location accessible to Administrators, then executes it, which could let an attacker replace the copied binary before execution and gain Administrator privileges if the uninstaller ran w...
CVE-2020-3946
CVE-2020-3946 affects VMware InstallBuilder (AutoUpdate tool and regular installers), where builds using versions prior to 19.11 are vulnerable to a Billion Laughs denial-of-service. Multiple sources in connected documents confirm the affected component and the pre-19.11 versions as vulnerable, wi...