CVE-2021-22038

Published: Oct 29, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only, so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.

Vendor: n/a

Product: VMware InstallBuilder

Versions: affected, all InstallBuilder versions prior to version 21.6.0
