
Cloud Vulnerability DB
A community-led vulnerabilities database
InstallBuilder Qt installers built with versions earlier than 22.10 contain a DLL hijacking vulnerability (CVE-2022-31694). When displaying popups, the installers attempt to load DLLs from the installer binary's parent directory, which could allow an attacker to execute arbitrary code with installer privileges by planting malicious DLLs (InstallBuilder Blog).
The vulnerability exists in the dialog actions (popups) functionality of InstallBuilder Qt installers. When displaying popups, the installer attempts to load DLLs from its parent directory without proper validation. This insecure DLL loading behavior could be exploited if an attacker has access to plant malicious DLLs in the installer's parent directory (InstallBuilder Blog).
If successfully exploited, this vulnerability allows attackers to execute arbitrary code with the privileges of the installer when popup dialogs are triggered. The impact is limited by the requirement that an attacker needs local access to the vulnerable machine to plant the malicious DLL (InstallBuilder Blog).
The vulnerability has been fixed in InstallBuilder version 22.10.0. Users of affected versions should upgrade to version 22.10.0 or later and release new versions of their installers. No workarounds are provided in the available sources (InstallBuilder Blog).
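A defender-side check for the loading behaviour described above, as an added example that is not code from InstallBuilder or from the original page: it lists every DLL that sits in the same directory as an installer so the files can be reviewed before the installer is run. The page does not name the DLLs involved, so the check reports all of them; the function names `dlls_beside_installer` and `directory_is_clean` and the sample file names are assumptions made for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def dlls_beside_installer(installer_path):
    """Return metadata for every DLL in the installer's parent directory.

    Any DLL found here is in the location the advisory says the installer
    loads from, so each one should be reviewed before the installer runs.
    """
    installer = Path(installer_path).resolve()
    findings = []
    for entry in sorted(installer.parent.iterdir()):
        # Windows file names are case-insensitive, so match .DLL as well.
        if not entry.is_file() or entry.suffix.lower() != ".dll":
            continue
        stat = entry.stat()
        modified = datetime.fromtimestamp(stat.st_mtime, tz=timezone.utc)
        findings.append({
            "path": str(entry),
            "size": stat.st_size,
            "modified_utc": modified.isoformat(),
            "sha256": hashlib.sha256(entry.read_bytes()).hexdigest(),
        })
    return findings


def directory_is_clean(installer_path):
    """True when no DLL shares a directory with the installer."""
    return not dlls_beside_installer(installer_path)


if __name__ == "__main__":
    # Constructed sample: a throwaway directory with a stand-in installer
    # and one stray DLL, mimicking a shared download folder.
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "sample-installer.exe"
        installer.write_bytes(b"MZ constructed stand-in")
        (Path(tmp) / "stray.dll").write_bytes(b"constructed stand-in")
        for hit in dlls_beside_installer(installer):
            print(hit["path"], hit["sha256"], hit["modified_utc"])
        print("clean:", directory_is_clean(installer))
```

The result is a review list, not a verdict: a DLL next to an installer may be legitimate, and an empty list says nothing about the version of InstallBuilder the installer was built with.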
Source: This report was generated using AI