You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Drag/drop or cut/paste items from one process to another can occur and there is no restrictions in place at the moment. We should consider adding the ability to avoid deserializing binary formatted OLE items unless source originated from in process via a switch. The key points to check at for whether the data came from a different process would be in Clipboard.GetDataObject and DropTarget.CreateWinFormsDataObjectForOutgoingDropData as these will occur before we pass the data back out to the user.
As part of this we should understand what OLE already does/does not allow e.g. is pasting/dropping allowed from elevated process to non-elevated? Vice versa? Etc. We should also determine whether the switch should be by default on or not.
The text was updated successfully, but these errors were encountered:
Drag/drop or cut/paste items from one process to another can occur and there is no restrictions in place at the moment. We should consider adding the ability to avoid deserializing binary formatted OLE items unless source originated from in process via a switch. The key points to check at for whether the data came from a different process would be in Clipboard.GetDataObject and DropTarget.CreateWinFormsDataObjectForOutgoingDropData as these will occur before we pass the data back out to the user.
As part of this we should understand what OLE already does/does not allow e.g. is pasting/dropping allowed from elevated process to non-elevated? Vice versa? Etc. We should also determine whether the switch should be by default on or not.
The text was updated successfully, but these errors were encountered: