Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Flaw Could Enable Web Page to Launch Visual FoxPro 6.0
Message
From
05/09/2002 09:43:53
Jim Nelson
Toronto, Ontario, Canada
 
General information
Forum:
Visual FoxPro
Category:
Other
Title:
Re: Flaw Could Enable Web Page to Launch Visual FoxPro 6.0
Miscellaneous
Thread ID:
00696759
Message ID:
00697033
Views:
19
Armin,

This is interesting information.

Doesn't your test reveal that VFP 6 does, indeed, "register" with IE (but that it does not do it "properly")?

I ask because the "Microsoft Security Bulletin MS02-49" says "Visual FoxPro 6.0 does not perform this registration....
It seems legitimate to assume that if it did not perform the necessary registration, then your VFP7-performed registration should have remained and thus protected you.


regards

>Jacci,
>
>PMFJI, but I thought you and John might find this interesting ...
>
>I've had a look in the dialog where the file extensions and the associated registered applications are shown. I have both (VFP 6 and 7) installed on my machine and app files are registered to open without confirmation after download (that's the security hole). If I remember right, I installed VFP7 first and then VFP6 after upgrading my machine to Win XP. This is confirmed by the fact, that my VFP6 exe is registered for the execution of app files.
>
>My conclusion: If you have both versions installed, it depends on the order in which they were installed. First VFP 6, then 7 is ok. First VFP7 then VFP6, not ok.
>
>IMO you have two options: Check the setting on each machine you're not sure in which order both VFP versions were installed and only apply the patch to those, which are not ok - or simply patch each machine (probably the faster and easier way).
>
>Regards,
>Armin
>
>>John,
>>
>>Let me get this straight. If we have both VFP6 & VFP7 installed on the same machines we DON'T have to install the patch?
>>
>>Jacci
>>
>>>
>>>Well...most users of VFP6 end-user apps may not even know they have VFP6 runtimes and any rewording would be lost on them. Almost any VFP developer reading the bulletin will understand the implications and, hopefully, take the appropriate steps to ensure their customers or coworkers are taken care of.
>>>
>>>>What YOU say makes sense to me (i.e. if VFP7 "registers", for instance,the .app suffix, then it should work for VFP6 apps too.
>>>>BUT the text says, as I read it, that if VFP6 is installed you will have this problem.
>>>
>>>It's company confidential what the exact issue was and how the patch fixes it, sorry.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform