Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Not Evaluated
-
Resolution: Won't Do
-
Affects Version/s: Qt Installer Framework 4.2
-
Fix Version/s: None
-
Component/s: General
-
Labels:
-
Sprint:Qt Installer Sprint 47, Qt Installer Sprint 48
Description
The installer tool that (for Windows) was created using Qt Installer Framework
- When the installer tool is launched, since it is raised to Administrator, the system is vulnerable to DLL Hijacking based on the order of searching directories for DLLs
- Qt Installer Framework needs to be modified to apply either of the two workarounds below
- By applying this
- https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-orderBy using a temporary directory like “C:\Users\Administrator\AppData\Local\Temp
{1CEF1BC9-BAEB-4F5F-B070-0305FBA3CFC5}” as InstallShield does