Re: OCX and Digital Certificates question ( Problems with PKCS7 after Q328145 in Win2K)

From: "Michel Gallant (MVP)" <neutron@istar.ca>
Date: Sun, 29 Sep 2002 11:05:19 -0400


Alex and Mauricio,

The related security patch for CEnroll (MS02-048) fixes some security issues associated
with being able to script that control from a web page context. You appear to
have that installed (version 5,131,3659,0).
Details at:
 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-048.asp

So, if you are scripting from html, most methods will not work now .. better ActiveX security :-)

However, I have verified that the new version of xenroll.dll works properly
from trusted standalone wsh scripts, like:
    http://home.iSTAR.ca/~neutron/wsh/capicom/pvkcerts/PVKCertsWMI.vbs
which uses oXenroll.enumContainers(). This method, which used to work from
scripted html, now fails from html after applying the patch above.

 - Michel Gallant MVP Security

"Alex K. Angelopoulos (MVP)" wrote:

> Mauricio,
>
> Does the same thing happen if you use the following code instead of an object
> tag?
>
> Set CEnroll = CreateObject("CEnroll.CEnroll")
> CEnroll.installPKCS7(Str)
>
> There do appear to be some changes in how this works. I'm including the main
> security groups in this response since they may have a good idea of what is
> actually happening here.
>
> In news:9e7801c2665d$ef5bfcd0$36ef2ecf@tkmsftngxa12,
> Mauricio Reveco typed:
> > I installed in my win2k the Q328145 security update,
> > described in Microsoft Security Bulletin MS02-050
> > "Certificate Validation Flaw Could Enable Identity
> > Spoofing (Q328145)"
> >
> > After the installation the next code didn't work anymore
> > _______________________________________
> > <OBJECT classid="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
> > codebase="xenroll.dll#Version=5,131,2146,1"
> > id="control"></OBJECT>
> > <script language="vbscript">
> > control.installPKCS7 <String parameter>
> > </script>
> > _____________________________________________________
> > the script throws an error message about a nonexistent
> > method called "installPKCS".
> >
> > I replaced the <OBJECT> tag with the next sentence:
> > _________________________________________________
> > <OBJECT classid="clsid:5B9169C0-DB65-42AA-A38A-0726846AAEB3"
> > codebase="xenroll.dll#Version=5,131,3659,0"
> > id="control"></OBJECT>
> > _________________________________________________
> >
> > but it didn't work. I got the Class ID and Version from
> > the new xenroll.dll installed in my Windows/system32
> > directory.
> >
> > Can you help with this?
> >
> > Thanks!
>
> --
> Please respond in the newsgroup so everyone may benefit.
> http://dev.remotenetworktechnology.com
> ----------
> Subscribe to Microsoft's Security Bulletins:
> http://www.microsoft.com/technet/security/bulletin/notify.asp


