Back to Home

HiJacking DLL in Qt applications

qt software · dll hijacking · Oracle · virtualbox · wintab32

HiJacking DLL in Qt applications

    In March 2011, I wrote about the HiJacking DLL in VirtualBox . Then the developers said that the problem is not in their product, but in Qt , on which their products are based.
    Finally, finding the time, I decided to check it out. It turned out that way.

    I have been checked:


    And they were vulnerable.


    Video demonstration of vulnerability (video without sound):

    However, Oracle VirtualBox 4.1.2 was no longer vulnerable. Trying to find out with which version of Qt the problem was resolved, I began to study Qt changelog , where I found such an entry for version 4.7.1 : For those who use applications written in Qt, I recommend checking the library versions (Qt * .dll) located in that the same directory as the application executable. If their version is <4.7.1, update them manually by downloading Qt Libraries . List of potentially vulnerable applications (some of them already use updated Qt). UPD: Translation of the post into English Related links:

    QLibrary
    * [QT-3825] System libraries are only loaded from the system directories.









    1. DLL Hijacking (search tools, exploitation through Metasploit)
    2. Profitable Hijacking DLL (thanks elgrand )
    3. Microsoft Security Advisory (2269637)
      Insecure Library Loading Could Allow Remote Code Execution
      (thanks ComodoHacker )
    4. Qt: Security announcement - Windows DLL preloading
    5. A new registry key CWDIllegalInDllSearch has been published that allows you to control the algorithm of the DLL search path

    Read Next