Hi Jonathan,

This is interesting (IMHO), because - while I'm a long time vfp-programmer - I was not aware of the existence of VFP7RUN.EXE. This is because I'm used to building applications that consist of a main exe and several apps. The main exe includes the loader, but it won't ever start another app by clicking on that app. While I do distribute the runtime library VFP7R.DLL, I never distribute VFP7RUN.EXE. The way I distribute applications is quite common and it will NOT make the user's pc vulnerable.

>Hi Peter,
>
>I installed the VFP runtime on a machine that has never had VFP or the runtime before. After installation, the .app file extension is registered and set to run with VFP6RUN.exe (part of the VFP runtime). If I double-click on an .app file, it executes just fine. So, users with just the runtime are also vulnerable.
>
>Jonathan
>
>>>Vulnerable.
>>>
>>>>If I patch my dev copy of VFP6, then create a distribution for an app which includes VFP6 runtime, will users who install my app be protected or vulnerable?
>>
>>John,
>>
>>The runtime files are only DLL's, which are not linked to any file extension. A machine that ONLY has the (distributable) runtime files will NOT be able to launch an APP in any way. Am I missing something?
>>
>>Peter