Security for a Windows application running in a corporate network


Everyone knows !

I know security is pretty important for the web application, but what about windows applications running in a corporate environment, network, not accessible from outside.

Do we need to treat security issues as "high" there, or because that is running in a safe environment, it does not matter much?

Let's say a Windows Forms (.net) application running on a user's machine in the corporate network and it has something like this issue

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

If that is a web application, I understand the risk is super high. But in the case of the windows app, should it be fixed or just ignored, especially if we consider the cost associated with fixing it?

May I add that camDown is the solution for securing your webcam from cyber criminals and pedophiles and your smart friends would say the same.