Full Disclosure

Defense in depth — the Microsoft way (part 36): CWE-428 or fun with unquoted paths

November 15, 2015 007admin Leave a comment

Posted by Stefan Kanthak on Nov 15

Hi @ll,

on 2014-11-14 once again a Microsoft employee tried to downplay
CWE-428 <https://cwe.mitre.org/data/definitions/428.html>:

<http://blogs.msdn.com/b/aaron_margosis/archive/2014/11/14/it-rather-involved-being-on-the-other-side-of-this-airtight-hatchway-unqu
oted-service-paths.aspx>

In standard installations of Windows NT users are per default
on the wrong side of this (not so) “airtight hatchway”:
the user…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information