Bugs item #1881599, was opened at 2008-01-29 05:33
Message generated for change (Comment added) made by barnson
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1881599&group_id=105970
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: build process
Group: v3.0
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Krzysztof Wilkosz (kwilk)
Assigned to: Nobody/Anonymous (nobody)
Summary: Standard COM keys should be validated for quoting
Initial Comment:
Registry keys for COM written to
HKCR\CLSID\{UUID-UUID-UUID}\LocalServer32
HKCR\CLSID\{UUID-UUID-UUID}\LocalServer
HKCR\CLSID\{UUID-UUID-UUID}\InprocServer32
HKCR\CLSID\{UUID-UUID-UUID}\InprocServer
should be checked for correct quoting (must be quoted). Leaving values of these
registry keys unquoted opens security hole.
----------------------------------------------------------------------
>Comment By: Bob Arnson (barnson)
Date: 2008-05-02 04:37
Message:
Logged In: YES
user_id=26581
Originator: NO
These values are written either as short paths (using [!id] when
ShortPath="yes") or quoted long paths.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1881599&group_id=105970
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
WiX-devs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wix-devs
