search cancel

univiewer_console compiled without ControlFlowGuard Protection (CFG)

book

Article ID: 253032

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Following a Security Audit that was performed, one of the results raised that one of the binaries used to launch the Univiewer Console Standalone does not have the ControlFlowGuard flag enabled, is this normal?

Environment

Release : 6.x or 7.x

Component: Univiewer Console Standalone

Resolution

The univiewer_console.exe is a binary generated by a Java compiler and not a C++ program compiled with Visual Studio, this is because UVC is a Java program and this binary just wraps the call to the java command (jawaw.exe) needed to launch the Console.

This CFG Flag only applies to C code and not to JAVA binaries. It does not exist for java at all, due to how memory is handled in Java applications, so nothing to worry about.

It is normal the ControlFlowGuard appears as False on a Java binary.

Attachments