O'Reilly logo

Security for Microsoft® Visual Basic® .NET by Michael James Bond, Ed Robinson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Child-Application Attacks

If you use the Shell statement or some other mechanism to dynamically load other applications (child applications) at run time, you need to take defensive measures to prevent unwanted applications from being loaded and executed. For example, if you’re attempting to run an application where the path to the application contains spaces such as ‘C:\PROGRAM FILES\MyApplication\MyApp.Exe’ or ‘C:\DOCUMENTS and SETTINGS\MySubApplication\SubApp.Exe’, your application could end up loading any application that matches a portion of the path. This is similar to how you could inadvertently open a file in an unexpected location if the path is not in canonical form, as you learned earlier. If an application named C:\PROGRAM.EXE exists, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required