Child-Application Attacks
If you use the Shell statement or some other mechanism to dynamically load other applications (child applications) at run time, you need to take defensive measures to prevent unwanted applications from being loaded and executed. For example, if you’re attempting to run an application where the path to the application contains spaces such as ‘C:\PROGRAM FILES\MyApplication\MyApp.Exe’ or ‘C:\DOCUMENTS and SETTINGS\MySubApplication\SubApp.Exe’, your application could end up loading any application that matches a portion of the path. This is similar to how you could inadvertently open a file in an unexpected location if the path is not in canonical form, as you learned earlier. If an application named C:\PROGRAM.EXE exists, ...
Get Security for Microsoft® Visual Basic® .NET now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.