system() function security vulnerabilities?
It is frequently claimed that the system() function suffers security vulnerabilities. The usual explanation of these security vulnerabilities is that the program can be replaced with a malicious alternative.
Quote:
Originally Posted by Hunter2
anyone can write a program, name it 'pause.exe' or 'pause.com', and replace the one that came with your computer.
I'm just wondering if anybody could explain how this could be used as an exploit in any practical way (assuming the use of an absolute path)? At least on Windows, I'm just not seeing it.
Thanks.