Merge pull request #4446 from MugBergerFries/patch-7

prmerger-automator[bot] · web-flow · commit dc0bd701b050 · 2022-09-28T23:58:38.000Z
Updated C6277
diff --git a/docs/code-quality/c6277.md b/docs/code-quality/c6277.md
@@ -1,21 +1,27 @@
 ---
 description: "Learn more about: C6277"
 title: C6277
-ms.date: 11/04/2016
+ms.date: 09/28/2022
 ms.topic: reference
-f1_keywords: ["C6277"]
+f1_keywords: ["C6277", "CREATEPROCESS_ESCAPE", "__WARNING_CREATEPROCESS_ESCAPE"]
 helpviewer_keywords: ["C6277"]
 ms.assetid: 2b41252a-68c2-4e92-b005-0458db5f4430
 ---
-# C6277
+# Warning C6277
 
-> warning C6277: NULL application name with an unquoted path in call to \<function>: results in a security vulnerability if the path contains spaces
+> NULL application name with an unquoted path in call to '*function-name*': results in a security vulnerability if the path contains spaces
 
-This warning indicates that the application name parameter is null and there might be spaces in the executable path name. In this case, unless the executable name is "fully qualified," there is likely to be a security problem. A malicious user might insert a rogue executable with the same name earlier in the path. To correct this warning, you can specify the application name instead of passing null or if you do pass null for the application name, use quotation marks around the executable path.
+This warning indicates that the application name parameter is null and that there might be spaces in the executable path name.
+
+## Remarks
+
+Unless the executable name is fully qualified, there's likely to be a security problem. A malicious user could insert a rogue executable with the same name earlier in the path. To correct this warning, you can specify the application name instead of passing null. Alternatively, if you do pass null for the application name, use quotation marks around the executable path.
+
+Code analysis name: CREATEPROCESS_ESCAPE
 
 ## Example
 
-The following sample code generates this warning because the application name parameter is null, and the executable path name has a space in it; there is a risk that a different executable could be run because of the way the function parses spaces. For more information, see [CreateProcess](/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessa).
+The following sample code generates warning C6277. The warning is caused by the NULL application name and from the executable path name having a space. Due to how the function parses spaces, there's a risk that a different executable could be run. For more information, see [`CreateProcessA`](/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessa).
 
 ```cpp
 #include <windows.h>
