dotnet / winforms

Windows Forms is a .NET UI framework for building Windows desktop applications.
MIT License

Restrict Certain OLE Data Coming in From Different Processes #11367

Open lonitra opened 4 months ago

lonitra commented 4 months ago

Drag/drop or cut/paste of items from one process to another can occur, and there are no restrictions in place at the moment. We should consider adding the ability to avoid deserializing binary formatted OLE items unless the source originated in process, via a switch. The key points to check for whether the data came from a different process would be in Clipboard.GetDataObject and DropTarget.CreateWinFormsDataObjectForOutgoingDropData, as these will occur before we pass the data back out to the user. As part of this we should understand what OLE already does/does not allow, e.g. is pasting/dropping allowed from an elevated process to a non-elevated one? Vice versa? Etc. We should also determine whether the switch should be on by default or not.
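An added illustration of the gate proposed above, for the clipboard path only; it is not part of the issue and not WinForms code. The switch name, the class and method names, and the choice to treat an unset switch as "no restriction" are assumptions, and the origin check uses the Win32 clipboard owner window, which is one possible signal rather than the approach the project has chosen.

```csharp
using System;
using System.Runtime.InteropServices;

internal static class OleDataOriginGate
{
    // Hypothetical switch name, chosen for this example only.
    private const string RestrictSwitch = "Example.RestrictCrossProcessBinaryOleData";

    [DllImport("user32.dll")]
    private static extern IntPtr GetClipboardOwner();

    [DllImport("user32.dll")]
    private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);

    // True only when the window that currently owns the clipboard
    // belongs to this process.
    public static bool ClipboardOwnedByCurrentProcess()
    {
        IntPtr owner = GetClipboardOwner();
        if (owner == IntPtr.Zero)
        {
            // No owner (for example, the source process has exited):
            // the origin is unknown, so treat the data as foreign.
            return false;
        }

        uint threadId = GetWindowThreadProcessId(owner, out uint processId);
        return threadId != 0 && processId == (uint)Environment.ProcessId;
    }

    // Decision applied before any binary formatted payload is deserialized.
    // Assumption: an unset switch means the restriction is off; the issue
    // leaves the default open.
    public static bool AllowBinaryDeserialization(bool sourceIsInProcess)
    {
        bool restrict = AppContext.TryGetSwitch(RestrictSwitch, out bool enabled) && enabled;
        return !restrict || sourceIsInProcess;
    }

    public static bool AllowBinaryDeserializationFromClipboard() =>
        AllowBinaryDeserialization(ClipboardOwnedByCurrentProcess());
}
```

The clipboard owner can change between this check and the actual read, so a real implementation would have to tie the origin decision to the same retrieval that produces the data object.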

willibrandon commented 3 weeks ago

> As part of this we should understand what OLE already does/does not allow e.g. is pasting/dropping allowed from elevated process to non-elevated? Vice versa?

From what I understand, dropping from elevated to non-elevated and vice versa is not allowed; however, there are scenarios where the ability to do that could really come in useful. I have no idea if it’s possible to change that behavior, but it’s high on my wish list.