Suppose that you want to run the following command:
C:\Program Files\Internet Explorer\iexplore
One cool thing about Windows is that although the path contains a space, it still runs the application fine, even if you don’t place quotes around the entire command and even if you don’t use the executable extension for iexplore.exe.
But how does Windows know where the program path ends and the program’s command line parameters begin? How does it know that the user isn’t trying to run a program named “C:\Program.exe” with the parameter “Files\Internet Explorer\iexplore?”
The problem is that it doesn’t know. It just starts at the beginning and tries finding an executable until it finds a match. So in this case, it will try these files every time you run the command:
C:\Program.exe
Xato - Passwords & Security
C:\Program Files\Internet.exe
C:\Program Files\Internet Explorer\iexplore.exe
Windowsはフォルダ名に空白を含むものが多いからなあ.空白を含むフォルダが作れるのはかまわないのだが,システムの重要な部分が空白を含むパスになっていて,かつ,そこをちゃんとエスケープするようになっていないといというのは問題だよね.