On Wednesday, 8 de June de 2011 12:33:39 Thiago Macieira wrote:
> Since the system doesn't have a Wacom tablet, so there's no wintab32.dll in
> the system dirs. When Qt probes for the Wacom drivers, it tells the system
> to LoadLibrary("wintab32") and that will be resolved on the current
> directory. At that point, the DLL that the attacker provided can do
> *anything*.
By the way, we fixed this. First, there's a Windows security fix. Second, Qt no
longer does LoadLibrary("wintab32"). We introduced QSystemLibrary, an internal
class that only loads from system paths.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Qt5-feedback mailing list [email protected] http://lists.qt.nokia.com/mailman/listinfo/qt5-feedback
