Windows: use fix for CVE-2019-19501 only on Vista and above since it doesn't make sens under XP.

This commit is contained in:
Mounir IDRASSI 2019-12-08 23:11:11 +01:00
parent 5e96a5c44c
commit 07bb27e3b9
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F

View File

@ -14238,9 +14238,10 @@ static bool RunAsDesktopUser(
// This function always loads a URL in a non-privileged mode
// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
// Use this security mechanism only starting from Windows Vista
void SafeOpenURL (LPCWSTR szUrl)
{
if (IsAdmin ())
if (IsAdmin () && IsOSAtLeast (WIN_VISTA))
{
WCHAR szRunDllPath[TC_MAX_PATH];
WCHAR szUrlDllPath[TC_MAX_PATH];