Guardian for CWE-428
The batch script GUARDIAN.CMD creates empty files ‹filename›.EXE next
to some or all subdirectories which contain a space in their name it
finds in the root directory of Windows' %SystemDrive%, underneath the
directories "%ProgramFiles%\" and (if it exists)
"%ProgramFiles(x86)%\" as well as "%USERPROFILE%\" to let execution
of these and applications due to the well-known weaknesses listed as
- CWE-426: Untrusted Search Path
- CWE-427: Uncontrolled Search Path Element
- CWE-428: Unquoted Search Path or Element
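The check below is an added example, not part of GUARDIAN.CMD or of this site's software: it audits one directory for the guard files described above and flags names that are unoccupied or held by a non-empty file. It assumes ‹filename› is the subdirectory name cut at each space (the names CWE-428 concerns); guard_candidates, audit and demo are hypothetical names, and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile

def guard_candidates(dirname):
    """File names an unquoted path through `dirname` could resolve to:
    the name cut at each space, with .exe appended (assumed naming)."""
    out = []
    for i, ch in enumerate(dirname):
        if ch == " ":
            prefix = dirname[:i].rstrip()
            if prefix and prefix + ".exe" not in out:
                out.append(prefix + ".exe")
    return out

def audit(root):
    """Map each candidate path next to a spaced subdirectory of `root`
    to 'guard', 'missing' or 'investigate'. Not recursive."""
    findings = {}
    for entry in os.scandir(root):
        if not entry.is_dir(follow_symlinks=False) or " " not in entry.name:
            continue
        for name in guard_candidates(entry.name):
            path = os.path.join(root, name)
            if not os.path.lexists(path):
                status = "missing"       # nothing occupies the name
            elif os.path.isfile(path) and os.path.getsize(path) == 0:
                status = "guard"         # empty file, as the page describes
            else:
                status = "investigate"   # non-empty file or other object
            findings[path] = status
    return findings

def demo():
    """Constructed sample tree in a temporary directory (not real system paths)."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("Program Files", "Common Files", "My App Data", "NoSpace"):
            os.mkdir(os.path.join(root, d))
        open(os.path.join(root, "Program.exe"), "w").close()   # empty guard
        with open(os.path.join(root, "Common.exe"), "w") as f:
            f.write("not empty")                               # unexpected content
        return {os.path.basename(p): s for p, s in audit(root).items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:12} {name}")
```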
The batch script
is packaged in the (compressed and
Code authenticity and integrity
WEB.DE TrustCenter E-Mail Certification Authority.
- Serial number
- MD5: e5 0b 01 66 ce 2e 7a 03 f4 98 39 37 f6 f9 9f ba
- SHA-1: 79 05 5d 63 2f 03 31 83 04 e2 ff 3b 25 b9 cc b6 70 ad ec 31
Download and install the
X.509 certificates of
to validate and verify the digital signature.
Note: the digital signature remains valid past the
certificate's expiration date due to its counter signature alias
The installation requires administrative privileges.
Automatic online installation
If visited with Internet Explorer, this web page will
prompt to install (the contents of) the package using
Internet Component Download.
Manual offline installation
Download the package
and verify its digital signature, then open it in
Windows Explorer, extract its contents and call the
extracted batch script
to run the installation.
If you miss anything here, have additions, comments, corrections,
criticism or questions, want to give feedback, hints or tips,
report broken links, bugs, errors, inaccuracies, omissions,
vulnerabilities or weaknesses, …:
don't hesitate to
and feel free to ask, comment, criticise, flame, notify or report!
Use the X.509
Notes: I dislike
even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely
to be discarded.
I abhor top posts and expect inline quotes in replies.
Terms and conditions
By using this site, you signify your agreement to these terms and
conditions. If you do not agree to these terms and conditions, do
not use this site!
- The software and the documentation on this site are provided
as is without any warranty, neither express nor
In no event will the author be held liable for any damage(s)
arising from the use of the software or the documentation.
- Permission is granted to use the current version
of the software and the current version of the
documentation solely for personal private and non-commercial
An individual's use of the software or the documentation in his or
her capacity or function as an agent, (independent) contractor,
employee, member or officer of a business, corporation or
organization (commercial or non-commercial) does not qualify as
personal private and non-commercial purpose.
- Without written approval from the author the software or the
documentation must not be used for a business, for
commercial, corporate, governmental, military or organizational
purposes of any kind, or in a commercial, corporate, governmental,
military or organizational environment of any kind.
- Redistribution of the software and the documentation is allowed
only in unmodified form of its current version and
free of charge.
Copyright © 1995-2017 • Stefan Kanthak •