CRITICAL: Windows command injection vulnerability in secure_exec quote handling #593

@krystophny

CRITICAL SECURITY DEFECT: Command Injection on Windows

The Windows implementation of secure_exec contains a CRITICAL command injection vulnerability due to inadequate quote escaping.

Vulnerable Code (fortplot_secure_exec.c:77-82):

if (strchr(argv[i], ' ')) {
    offset += snprintf(cmdline + offset, sizeof(cmdline) - offset, 
                     "\"%s\"", argv[i]);  // INADEQUATE ESCAPING
}

Security Impact:

  • Arbitrary command execution on Windows systems
  • Shell metacharacter injection through quote breaking
  • Complete system compromise possible
  • Bypasses security fixes from previous PRs

Attack Vector:
Arguments containing both spaces AND quotes can break out of quote protection:

Example Exploit:

// Attacker controls argv input
argv[1] = "file\"; calc.exe; echo \"";
// Results in: ffmpeg "file"; calc.exe; echo ""
// Executes: calc.exe (Windows Calculator as proof of concept)

Root Cause:
Windows CreateProcess cmdline construction performs naive quoting without proper escaping of embedded quotes.

Fix Required:
Implement proper Windows command line escaping per Microsoft documentation, or use CreateProcess with separate argv array without cmdline construction.

Component: Security, Windows Platform, Command Injection
Severity: CRITICAL - Remote code execution on Windows
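
The quoting the issue asks for, as an added example that is not fortplot's code and not a patch from the issue's author: win_quote_arg implements the escaping rules from Microsoft's "Parsing C command-line arguments" documentation (an argument needs quoting if it is empty or contains a space, tab or double quote; 2n backslashes before a quote become n backslashes plus a delimiter quote, 2n+1 become n backslashes plus a literal quote; backslashes anywhere else are literal), and crt_split re-parses the finished command line the way the Microsoft C runtime does at child start-up, so the argv the child receives can be compared with the argv the parent passed. CreateProcess itself hands the string to the child untouched; the splitting shown is done by the child's own runtime. The rule that "" inside a quoted region is a literal quote is the 2008-and-later CRT behaviour (older runtimes have differed on it), which is why the quoter only ever escapes a quote as \". All function names, the 512-byte buffer and the MAX_ARGS/MAX_ARG limits are this example's own choices; DEMO_ARGV (the issue's payload) and EDGE_ARGV are constructed inputs. It never calls CreateProcess, so it builds and runs with any C99 compiler.

```c
/* Added example, not fortplot's own code: quote argv for a CreateProcess command line the
 * way the Microsoft C runtime parses it, and show why the issue's naive quoting lets one
 * argument split into several. Rules per Microsoft's "Parsing C command-line arguments". */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { MAX_ARGS = 16, MAX_ARG = 256 };                   /* limits chosen for this demo */

/* Constructed demo input: the issue's payload, plus edge cases, as NULL-terminated argv. */
static char *const DEMO_ARGV[] = { "ffmpeg", "file\"; calc.exe; echo \"", NULL };
static char *const EDGE_ARGV[] = { "C:\\path with space\\", "", "a\\\"b", "-i", NULL };

typedef int (*quote_fn)(const char *arg, char *out, size_t outsz);

/* Naive quoting as in the issue: wrap in quotes only when a space is present. */
static int naive_quote(const char *arg, char *out, size_t outsz) {
    if (strchr(arg, ' ')) return snprintf(out, outsz, "\"%s\"", arg);
    return snprintf(out, outsz, "%s", arg);
}

/* Correct quoting: returns bytes written (excluding NUL), or -1 if out is too small. */
static int win_quote_arg(const char *arg, char *out, size_t outsz) {
    size_t n = 0;
#define PUT(c) do { if (n + 1 >= outsz) return -1; out[n++] = (char)(c); } while (0)
    if (*arg && !strpbrk(arg, " \t\"")) {                /* nothing to protect: copy as is */
        int w = snprintf(out, outsz, "%s", arg);
        return w < (int)outsz ? w : -1;
    }
    PUT('"');
    for (const char *p = arg;; ++p) {
        size_t bs = 0;
        while (*p == '\\') { ++bs; ++p; }                /* length of the backslash run */
        bool before_quote = (*p == '"' || *p == '\0');   /* run before a quote (incl. the closing one): double it */
        while (bs--) { PUT('\\'); if (before_quote) PUT('\\'); }
        if (*p == '\0') break;
        if (*p == '"') PUT('\\');                        /* \" is a literal quote to the CRT */
        PUT(*p);
    }
    PUT('"');
    out[n] = '\0';
    return (int)n;
#undef PUT
}

/* Join argv into one command line, quoting each argument with q; -1 on overflow. */
static int build_cmdline(char *const argv[], quote_fn q, char *cmd, size_t cmdsz) {
    size_t off = 0;
    for (int i = 0; argv[i]; ++i) {
        if (i) { if (off + 2 > cmdsz) return -1; cmd[off++] = ' '; }
        int w = q(argv[i], cmd + off, cmdsz - off);
        if (w < 0 || (size_t)w >= cmdsz - off) return -1;
        off += (size_t)w;
    }
    cmd[off] = '\0'; return (int)off;
}

/* Split a command line as the 2008+ CRT does; returns the child's argc, -1 past limits. */
static int crt_split(const char *cmd, char out[MAX_ARGS][MAX_ARG]) {
    int argc = 0;
    for (const char *p = cmd;;) {
        while (*p == ' ' || *p == '\t') ++p;
        if (!*p) return argc;
        if (argc >= MAX_ARGS) return -1;
        char *a = out[argc++];
        size_t n = 0; bool inq = false;
#define EMIT(c) do { if (n + 1 >= MAX_ARG) return -1; a[n++] = (char)(c); } while (0)
        for (;;) {
            size_t bs = 0;
            while (*p == '\\') { ++bs; ++p; }
            if (*p != '"') {
                while (bs--) EMIT('\\');                 /* run not before a quote: literal */
                if (!*p || (!inq && (*p == ' ' || *p == '\t'))) break;
                EMIT(*p++);
                continue;
            }
            for (size_t i = 0; i < bs / 2; ++i) EMIT('\\');
            if (bs & 1) EMIT('"');                       /* odd run: literal quote */
            else if (inq && p[1] == '"') { EMIT('"'); ++p; } /* "" inside quotes: literal quote */
            else inq = !inq;                             /* even run: delimiter quote */
            ++p;
        }
#undef EMIT
        a[n] = '\0';
    }
}

/* Quote argv with q, re-parse as the child's CRT would, return the child's argc; child argv[i] is g_child[i]. */
static char g_child[MAX_ARGS][MAX_ARG];
static int child_argc(char *const argv[], quote_fn q) {
    char cmd[512];
    if (build_cmdline(argv, q, cmd, sizeof cmd) < 0) return -1;
    return crt_split(cmd, g_child);
}

int main(void) {                                         /* stand-alone demo of both quoters */
    quote_fn fns[] = { naive_quote, win_quote_arg };
    for (int f = 0; f < 2; ++f) {
        int argc = child_argc(DEMO_ARGV, fns[f]);
        for (int i = 0; i < argc; ++i)
            printf("%s quoting: child argv[%d] = [%s]\n", f ? "proper" : "naive", i, g_child[i]);
    }
    return 0;
}
```

Run stand-alone, it prints the child's argv under each quoter: with naive_quote the payload reaches the child as four extra arguments after ffmpeg (file;, calc.exe;, echo and an empty string), with win_quote_arg it arrives as the single argument the caller passed, and the EDGE_ARGV cases (trailing backslash, empty string, backslash before a quote, plain flag) round-trip unchanged. What a given child then does with extra arguments is that child's business; the point the example makes is that the argument boundaries the caller chose are not the ones the child sees.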
