Sunday, October 3, 2010

Security announcement - Qt Creator 2.0.0 for desktop platforms

A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The vulnerability occurs because of an insecure manipulation of a Unix environment variable by the "qtcreator" shell script. It manifests by causing Qt or Qt Creator to attempt to load certain library names from the current working directory.

This could cause certain Unix shared libraries to be loaded by Qt Creator from the current working directory. The issue does not affect Windows or Mac OS X. It also does not affect the most recent Qt Creator 2.0.1 release.

The issue has been assigned the identifier CVE-2010-3374. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-337

Recommendation

To nullify any risk posed by this issue, we recommend users of Qt Creator 2.0.0 or earlier upgrade to the most recent release, Qt 2.0.1. It can be downloaded from get.qt.nokia.com

Users unable to upgrade at this time can replace their "qtcreator" scripts with the qtcreator.bin binary found in the package distribution, or with the updated script found in the public Qt Creator repository.

The link to the updated script is: http://www.qt.gitorious.org/qt-creator/qt-creator/blobs/3c00715c8e90c57953ec4a8716110f6954e524e4/bin/qtcreator
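
The announcement does not name the variable or show the script. As an added illustration (not code from the qtcreator script or from the announcement), the sketch below assumes the variable is LD_LIBRARY_PATH and the common pattern in which a launcher prepends a directory to an unset variable, leaving an empty entry that the dynamic loader resolves against the current working directory. The function names and /opt/qtc/lib are hypothetical.

```shell
#!/bin/sh
# Added example: audit how a launcher script builds a library search path.
# Assumption: the variable is LD_LIBRARY_PATH; /opt/qtc/lib is a constructed path.

# Weak pattern: always joins with ':' so an unset/empty old value
# produces a trailing ':' (an empty entry).
build_path_unsafe() {   # $1 = directory to prepend, $2 = existing value
    printf '%s' "$1:$2"
}

# Hardened pattern: the ':' separator is added only when the old value is non-empty.
build_path_safe() {     # $1 = directory to prepend, $2 = existing value
    printf '%s' "$1${2:+:$2}"
}

# Returns 0 when a colon-separated search path contains an entry that is
# empty or relative, i.e. one that is resolved against the working directory.
has_cwd_entry() {       # $1 = search path value
    [ -n "$1" ] || return 1        # empty value: nothing is added to the search
    rest="$1:"                     # sentinel so the last entry is examined too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}          # text before the first ':'
        rest=${rest#*:}            # text after the first ':'
        case "$entry" in
            /*) ;;                 # absolute directory: acceptable
            *)  return 0 ;;        # '' or relative: working directory is searched
        esac
    done
    return 1
}

# Compare both constructions with an unset and a populated existing value.
for existing in '' '/usr/local/lib'; do
    for fn in build_path_unsafe build_path_safe; do
        value=$($fn /opt/qtc/lib "$existing")
        if has_cwd_entry "$value"; then
            verdict="working directory is searched"
        else
            verdict="ok"
        fi
        printf '%-18s existing=%-18s -> %-30s %s\n' \
            "$fn" "'$existing'" "$value" "$verdict"
    done
done
```

The same `has_cwd_entry` check can be pointed at the value a launcher exports before it starts the real binary.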



Source: http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms