The Old New Thing

It rather involved being on the other side of this airtight hatchway: Writing to the application directory

We received a security vulnerability report that went roughly like this: There is a security vulnerability in the X component. It loads from the current directory, thereby making it vulnerable to a current directory attack. Here is a sample program that illustrates the problem. Copy a rogue into the current directory and run the ...