I have a problem testing my mfc application while using Application Verifier.
I have used "CreateProcess" API. Where first parameter is given NULL because the application I want to execute is a 16 bit app.
Please go through the following statements.....
Object Squatting Vulnerability:
Any application that launches other processes may potentially open itself up to squatting attacks.
The most common ways to do this are: Passing a NULL lpApplicationName to CreateProcess Passing a command line to CreateProcess (or similar API) that contains unquoted spaces in the program portion.
For example, this command line: C:\program files\foo.exe –t –g C:\program files\foo\bar would be flagged as invalid by SecurityChecks
If I use 1st param as NULL & second using 32 bit application along with some command line atttributes then it works fine.
So now how to pass my application through Application Verifier which uses CreateProcess for 16 bit applications.?
Thanx & Regards,
Microsoft is conducting an online survey to understand your opinion of the Msdn Web site. If you choose to participate, the online survey will be presented to you when you leave the Msdn Web site.
Would you like to participate?