univiewer_console compiled without ControlFlowGuard Protection (CFG)
Article ID: 253032
Updated On:
Products
Issue/Introduction
Following a Security Audit that was performed, one of the results raised that one of the binaries used to launch the Univiewer Console Standalone does not have the ControlFlowGuard flag enabled, is this normal?
Environment
Release : 6.x or 7.x
Component: Univiewer Console Standalone
Resolution
The univiewer_console.exe is a binary generated by a Java compiler and not a C++ program compiled with Visual Studio, this is because UVC is a Java program and this binary just wraps the call to the java command (jawaw.exe) needed to launch the Console.
This CFG Flag only applies to C code and not to JAVA binaries. It does not exist for java at all, due to how memory is handled in Java applications, so nothing to worry about.
It is normal the ControlFlowGuard appears as False on a Java binary.
Feedback
