PrimoPDF attempts to load executables other than its own


moofer
04-05-2006, 01:51 PM
If someone has the file "C:\Program.exe" in their system (I had it because I was testing this problem on another application) it will run instead of PrimoPDF. This was fixed in my application by qualifying the load path with quotation marks. If you load an executable from C:\Program Files\Something Else\MyApp.exe without using quotes, it will try "C:\Program.exe", then "C:\Program Files\Something.exe", then the intended path. When quotes are in place around the path "C:\Program Files\Something Else\MyApp.exe", it should only make that one attempt.

I was testing this problem for my own apps after reading about a similar problem/security threat found in unpatched versions of McAfee ePolicy Orchestrator Agent since it would run C:\Program.exe or C:\Program Files\Network.exe (for "C:\Program Files\Network Associates\") with elevated permissions.
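Added example, not part of the original post: a small audit helper that lists the executables an unquoted command line can resolve to before the intended one, following the space-by-space order described above. The function names, the `SAMPLE` command lines and the rule that the search ends at the first prefix ending in `.exe` are assumptions made for this sketch.

```python
import ntpath
import os


def candidate_paths(command_line):
    """Executables a command line may resolve to, in the order they are tried.

    Simplified model of the search described in the post: every prefix that
    ends at a space is tried, with ".exe" appended when it has no extension.
    A quoted path yields exactly one candidate.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    candidates = []
    cuts = [i for i, ch in enumerate(cmd) if ch == " "] + [len(cmd)]
    for cut in cuts:
        prefix = cmd[:cut].rstrip()
        ext = ntpath.splitext(prefix)[1].lower()
        candidate = prefix if ext else prefix + ".exe"
        if candidate not in candidates:
            candidates.append(candidate)
        if ext == ".exe":
            break  # assumption: this is the intended target, the rest are arguments
    return candidates


def audit(command_lines, exists=os.path.exists):
    """Return {command_line: [(shadow_path, present_on_disk), ...]} for risky entries."""
    findings = {}
    for cmd in command_lines:
        shadows = candidate_paths(cmd)[:-1]  # everything tried before the target
        if shadows:
            findings[cmd] = [(path, exists(path)) for path in shadows]
    return findings


# Constructed sample command lines (for example, values read from service or
# shortcut definitions); only the first one is unquoted and contains spaces.
SAMPLE = [
    r'C:\Program Files\Something Else\MyApp.exe',
    r'"C:\Program Files\Something Else\MyApp.exe"',
    r'C:\Tools\MyApp.exe /quiet',
]

if __name__ == "__main__":
    for cmd, shadows in audit(SAMPLE).items():
        print(cmd)
        for path, present in shadows:
            print("   tried first:", path, "(present)" if present else "")
```

Any entry reported by `audit` should have its path quoted at the point where the process is launched; a shadow path marked present deserves a closer look at how that file got there.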

Douglas Saltsman
06-02-2006, 04:38 PM
Can you please elaborate on this? I'm not sure this is possible, but if you'll give me more of an explanation, perhaps there is something I'm missing.