I've seen some posts in the past when some guy posts an executable to demonstrate one thing or another - at that point, most people indicate that they won't download an executable file and that source code must be posted. If a solution with source is then posted, people relax and may download the solution and play with it.
Yesterday I came across this thread. While I don't see this as a vulnerability in the strict sense of the word, I think that we all should be a bit careful when opening source code solutions. Some people don't realize that the load event of user controls is actually executed when the control is placed on a form. It would be a trivial matter for someone to create a user control which in its load event starts to delete files or install a rootkit. BTW, does anyone know whether VBForums would make an attempt to track the poster or inform his ISP if something like that might happen?
For people that don't have VS2005, attached is a solution that opens notepad. You need to build it first, then open form1.
Most folks, including myself, don't execute even source code that we have downloaded until all of the code in the project has been visually scanned and we have a feel for what it will do when executed.
There are basic precautions that everyone takes, but you can't guard against every possibility.
If it could be proven that a member knowingly posted malicious code, that user would be banned from this site.
Mindful of source code posts
Reply With Quote
