From 07bb27e3b94ee26128d5c7f800cdcf3232ff281a Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 8 Dec 2019 23:11:11 +0100 Subject: Windows: use fix for CVE-2019-19501 only on Vista and above since it doesn't make sens under XP. --- src/Common/Dlgcode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 5a837865..5e2dc39a 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -14238,9 +14238,10 @@ cleanup: // This function always loads a URL in a non-privileged mode // If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated +// Use this security mechanism only starting from Windows Vista void SafeOpenURL (LPCWSTR szUrl) { - if (IsAdmin ()) + if (IsAdmin () && IsOSAtLeast (WIN_VISTA)) { WCHAR szRunDllPath[TC_MAX_PATH]; WCHAR szUrlDllPath[TC_MAX_PATH]; -- cgit v1.2.3