Details
-
Bug
-
Resolution: Won't Do
-
Not Evaluated
-
None
-
Qt Installer Framework 4.2
-
Qt Installer Sprint 47, Qt Installer Sprint 48
Description
The installer tool that (for Windows) was created using Qt Installer Framework
- When the installer tool is launched, since it is raised to Administrator, the system is vulnerable to DLL Hijacking based on the order of searching directories for DLLs
- Qt Installer Framework needs to be modified to apply either of the two workarounds below
- By applying this
- https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-orderBy using a temporary directory like “C:\Users\Administrator\AppData\Local\Temp
{1CEF1BC9-BAEB-4F5F-B070-0305FBA3CFC5}” as InstallShield does