The way this code looks, it opened up a backdoor into the app to load any code e... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

manas2004 on March 22, 2013 | parent | context | favorite | on: The Easter Egg Song

The way this code looks, it opened up a backdoor into the app to load any code embedded in the image, and execute it with the app's credentials - including access to app's in memory data. Major security hole for an enterprise app given that this could be used to override assembly signing. Just change the image, and the app would load and run any code embedded in that background image!

Cherian on March 22, 2013 [–]

Yes the image was embedded as a resource IIRC and the assembly signed (enterprise app)

manas2004 on March 22, 2013 | [–]

Oh ok - good that the image was not picked up from a path in the install folder. I thought that was the case! That would have been bad.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact