CreateProcess for 16 bit applications fails for Application Verifier

  • Question


    Hi,

    I have a problem testing my MFC application while using Application Verifier.

     

    I have used the "CreateProcess" API, where the first parameter is given as NULL because the application I want to execute is a 16-bit app.

     

    Please go through the following statements..... 

    Object Squatting Vulnerability:

    Any application that launches other processes may potentially open itself up to squatting attacks.

    The most common ways to do this are:
          Passing a NULL lpApplicationName to CreateProcess
          Passing a command line to CreateProcess (or similar API) that contains unquoted spaces in the program portion.

    For example, this command line: C:\program files\foo.exe –t –g C:\program files\foo\bar would be flagged as invalid by SecurityChecks

    Visit: http://technet.microsoft.com/en-us/library/cc700837.aspx

     

    If I use the 1st param as NULL and the second using a 32-bit application along
    with some command line attributes, then it works fine.

     

    So now, how do I pass my application through Application Verifier when it
    uses CreateProcess for 16-bit applications?

    Thanks & Regards,

    Vinod.

    Thursday, September 25, 2008 8:30 AM
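
The condition described in the quoted guidance (a command line whose program portion contains unquoted spaces) can be checked before the string reaches CreateProcess. The following is an added example, not part of the original post and not Application Verifier's own logic: a heuristic pre-flight check in portable C, where `check_cmdline`, the `cmd_verdict` enum and the extension list are hypothetical names and assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts for this example. */
enum cmd_verdict { CMD_OK = 0, CMD_UNQUOTED_SPACES = 1, CMD_UNTERMINATED_QUOTE = 2 };

/* Does s[0..n) end in a program extension? (the extension list is an assumption) */
static int has_program_ext(const char *s, size_t n)
{
    static const char *exts[] = { ".exe", ".com", ".bat", ".cmd" };
    if (n < 4) return 0;
    for (size_t k = 0; k < 4; k++) {
        size_t j = 0;
        while (j < 4 && tolower((unsigned char)s[n - 4 + j]) == exts[k][j]) j++;
        if (j == 4) return 1;
    }
    return 0;
}

/* Classify a command line meant for CreateProcess with lpApplicationName == NULL.
 * Heuristic: it may over-flag when an argument itself ends in a program extension. */
enum cmd_verdict check_cmdline(const char *cmd)
{
    while (*cmd == ' ' || *cmd == '\t') cmd++;
    if (*cmd == '"')                      /* quoted program portion */
        return strchr(cmd + 1, '"') ? CMD_OK : CMD_UNTERMINATED_QUOTE;
    size_t first = strcspn(cmd, " \t");   /* end of first unquoted token */
    if (cmd[first] == '\0' || has_program_ext(cmd, first))
        return CMD_OK;                    /* first token already names the program */
    /* First token is not a program file: if a longer prefix ending at a later
     * whitespace boundary is, the program path contains unquoted spaces. */
    for (size_t i = first; cmd[i]; ) {
        i += strspn(cmd + i, " \t");
        i += strcspn(cmd + i, " \t");
        if (has_program_ext(cmd, i)) return CMD_UNQUOTED_SPACES;
    }
    return CMD_OK;
}

int main(void)
{
    /* The page's example command line, then the same line with the program quoted. */
    const char *bad  = "C:\\program files\\foo.exe -t -g C:\\program files\\foo\\bar";
    const char *good = "\"C:\\program files\\foo.exe\" -t -g \"C:\\program files\\foo\\bar\"";
    printf("unquoted: %d\nquoted:   %d\n", check_cmdline(bad), check_cmdline(good));
    return 0;
}
```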