: 1. OVERVIEW : : The QtWeb Browser application is vulnerable to Insecure DLL Hijacking : Vulnerability. Similar terms that describe this vulnerability have been : come up with Remote Binary Planting, and Insecure DLL : Loading/Injection/Hijacking/Preloading. : 3. VULNERABILITY DESCRIPTION : : The QtWeb Browser application passes an insufficiently qualified path in : loading an external library, "wintab32.dll" when a user opens its : associated file with extensions - htm, html, mhtml. : : 4. VERSIONS AFFECTED : : 3.3 build 043 and lower Virtually all Qt based applications will be vulnerable to this. We've seen the first wave of reports of "X is vulnerable, looking for Y librari", but we haven't seen a lot of details or follow-up on where the inclusion of the library comes from. Popular libraries and cross-platform frameworks that are vulnerable, will in turn affect any product or software that uses them.
