Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
From: security curmudgeon <jericho attrition org>
To: YGN Ethical Hacker Group <lists yehg net>
Cc: full-disclosure lists grok org uk, bugtraq securityfocus com
Subject: Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
Date: Mon - Aug 30, 2010 11:08 AM

: 1. OVERVIEW
:
: The QtWeb Browser application is vulnerable to Insecure DLL Hijacking
: Vulnerability. Similar terms that describe this vulnerability have been
: come up with Remote Binary Planting, and Insecure DLL
: Loading/Injection/Hijacking/Preloading.
: 3. VULNERABILITY DESCRIPTION
:
: The QtWeb Browser application passes an insufficiently qualified path in
: loading an external library, "wintab32.dll" when a user opens its
: associated file with extensions - htm, html, mhtml.
:
: 4. VERSIONS AFFECTED
:
: 3.3 build 043 and lower
Virtually all Qt based applications will be vulnerable to this.
We've seen the first wave of reports of "X is vulnerable, looking for Y
library", but we haven't seen a lot of details or follow-up on where the
inclusion of the library comes from. Popular libraries and cross-platform
frameworks that are vulnerable will in turn affect any product or
software that uses them.
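
An added example, not part of the original message or of any project named in it: one way to follow up on where the inclusion of a library such as wintab32.dll comes from is to check which shipped binary in an install directory carries the bare DLL name. The function name and the sample files below are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def find_dll_references(root, dll_name):
    """Return {relative path: [encodings]} for every .exe/.dll under root that
    contains dll_name with no path separator directly in front of it."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in {".exe", ".dll"}:
            continue
        data = path.read_bytes()
        found = []
        # Windows binaries store names as ASCII (import tables) or as
        # UTF-16LE (wide-string arguments to LoadLibraryW), so check both.
        for label, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
            needle = re.escape(dll_name.encode(codec))
            seps = ("\\".encode(codec), "/".encode(codec))
            for m in re.finditer(needle, data, re.IGNORECASE):
                before = data[max(0, m.start() - len(seps[0])):m.start()]
                if before not in seps:  # bare name, resolved via search order
                    found.append(label)
                    break
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Build three constructed sample files and scan them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Application binary with no reference at all.
        (root / "app.exe").write_bytes(b"MZ\x00no reference here\x00")
        # Bundled framework module holding the bare name as a wide string.
        (root / "framework.dll").write_bytes(
            b"MZ\x00" + "wintab32.dll".encode("utf-16-le") + b"\x00\x00")
        # Module that only references a fully qualified path.
        (root / "safe.dll").write_bytes(
            b"MZ\x00C:\\Windows\\System32\\WINTAB32.DLL\x00")
        return find_dll_references(root, "wintab32.dll")

if __name__ == "__main__":
    print(demo())
```

A hit is a triage lead, not proof of an unsafe load: the module may still pass a full path or a restricted search flag at run time, so confirm against the code or vendor before attributing the issue to the framework.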