Hi,
I have a problem testing my mfc application while using Application Verifier.
I have used "CreateProcess" API. Where first parameter is given NULL because the application I want to execute is a 16 bit app.
Please go through the following statements.....
Object Squatting Vulnerability:
Any application that launches other processes may potentially open itself up to squatting attacks.
The most common ways to do this are:
Passing a NULL lpApplicationName to CreateProcess
Passing a command line to CreateProcess (or similar API) that contains unquoted spaces in the program portion.
For example, this command line: C:\program files\foo.exe –t –g C:\program files\foo\bar would be flagged as invalid by SecurityChecks
Visit: http://technet.microsoft.com/en-us/library/cc700837.aspx
If I use 1st param as NULL & second using 32 bit application along
with some command line atttributes then it works fine.
So now how to pass my application through Application Verifier which
uses CreateProcess for 16 bit applications.?
Thanx & Regards,
Vinod.
