Defense in depth — the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier"

Posted by Stefan Kanthak on Mar 24

Hi @ll,

according to <https://msdn.microsoft.com/en-us/library/aa480483.aspx>
Microsoft’s “Application Verifier” [°] should detect the well-known
beginner’s error <https://cwe.mitre.org/data/definitions/428.html>:

| Checking for Proper Use of CreateProcess
|
| Calls to the CreateProcess API function are subject to attack if
| parameters are not specified correctly. AppVerifier generates an
| error if…

Leave a Reply