Flaw Could Enable Web Page to Launch Visual FoxPro 6.0
Message
From
05/09/2002 11:37:14
 
General information
Forum: Visual FoxPro
Category: Other
Miscellaneous
Thread ID: 00696759
Message ID: 00697097
Views: 23
Armin,

So the wording is misleading in the bulletin!

The full statement in the "Technical Details" of the bulletin is: "In general, when a product installs, it should register itself with Internet Explorer. This allows the product to specify how Internet Explorer should handle files associated with it when referenced from a web page – for instance, it allows the product to specify whether the user should be presented with a warning dialogue before such a file is opened.

Visual FoxPro 6.0 does not perform this registration . . .".

Any reader would be correct in assuming that VFP6's install does NOT tamper with registration at all, but in fact it does! What it does not do, but is not clearly stated, is "register" the extensions properly! There is a big difference. Sure, "informed" readers might be able to infer the subtle meaning, but I don't think that is acceptable to risk.

I agree that Office does bad things with this too. In fact Office2000, at least for Word, seems to cause it to "stick" despite last access using Office97. BUT Office2000, any time its prior execution was using Office97 on any document, then takes 1-2 minutes to "install" itself. A bothersome exercise to say the least!

cheers


>Hi Jim,
>
>>Doesn't your test reveal that VFP 6 does, indeed, "register" with IE (but that it does not do it "properly")?
>
>Registering with IE simply means to have information in the registry that tells IE whether it should ask the user before opening a file after download. Think of Word or Excel files: they're opened immediately when you click on a link that points to a doc or xls file. If you click on a link to an EXE or ZIP file, you're asked whether you want to open or save the file. VFP6 registers app files the first way, VFP7 the latter way.
>
>>I ask because the "Microsoft Security Bulletin MS02-49" says "Visual FoxPro 6.0 does not perform this registration...."
>>It seems legitimate to assume that if it did not perform the necessary registration, then your VFP7-performed registration should have remained and thus protected you.
>
>If you're installing VFP6 after VFP7, VFP6 overwrites the registry information for app files that VFP7 has supplied.
>
>But this is even worse with MS Office products (or at least it was, I don't know if this has changed nowadays). If you were running Excel 5 and 6 on the same machine they always registered themselves on startup for the Excel file extensions. So it always depended on the version you had started the last time, launching the exe file, which version was started the next time you opened an XLS file in Explorer.
>
>Armin
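
An added example, not part of the original thread: a small audit script that reads a `.reg` export and lists the file-type keys registered to open after download without a confirmation prompt, which is the difference between the two registrations discussed above. It assumes the setting is stored as the `FTA_OpenIsSafe` bit (0x00010000) of the `EditFlags` value under the file type's key (the thread does not name the value), and the key names in the sample are constructed placeholders.

```python
import re

FTA_OPEN_IS_SAFE = 0x00010000  # assumed flag: open downloaded file without confirmation

# Constructed sample in .reg export format; the key names are placeholders.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\Example.AppFile.Old]
@="Constructed: registered to open silently"
"EditFlags"=dword:00010000

[HKEY_CLASSES_ROOT\Example.AppFile.New]
@="Constructed: registered to prompt"
"EditFlags"=dword:00000000

[HKEY_CLASSES_ROOT\Example.DocFile]
"EditFlags"=hex:00,00,01,00

[HKEY_CLASSES_ROOT\Example.NoFlags]
@="Constructed: no EditFlags value"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
FLAGS_RE = re.compile(r'^"EditFlags"=(dword|hex):([0-9a-fA-F,]+)$', re.I)

def parse_edit_flags(reg_text):
    """Return {key_path: EditFlags as int} for every key that has the value."""
    flags, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = FLAGS_RE.match(line)
        if m and key:
            kind, raw = m.group(1).lower(), m.group(2)
            if kind == "dword":
                flags[key] = int(raw, 16)
            else:  # REG_BINARY export: bytes are little-endian
                data = bytes(int(b, 16) for b in raw.split(","))
                flags[key] = int.from_bytes(data, "little")
    return flags

def opens_without_prompt(reg_text):
    """Keys whose file type is marked safe to open straight after download."""
    found = parse_edit_flags(reg_text)
    return sorted(k for k, v in found.items() if v & FTA_OPEN_IS_SAFE)

if __name__ == "__main__":
    for key in opens_without_prompt(SAMPLE_REG):
        print("no confirmation prompt:", key)
```

Running the same check before and after installing a second product version shows whether the later install overwrote a prompting registration with a silent one.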