Access交流网
  • 设为首页|收藏本站|繁体中文|手机版
  •     
  • Access培训-Access开发平台-Access行业开发

  • 首页
  • 资讯
  • 技巧
  • 源码
  • 行业
  • 资源
  • 活动
  • 关于

技巧

ACCESS数据库

启动/设置/选项/背景

修复/压缩

安全/加密/解密

快捷键

版本升级/其它等

数据表

命名方式/设计规范

表设计

查询

Sql语言基础

选择查询

更新查询

删除查询

追加查询

生成表查询

交叉表查询

SQL特定查询

查询参数

查询综合应用

界面/窗体/控件

标签

文本框

命令按钮

组合框/列表框

选项组/复选框/选项按钮

选项卡

子窗体

窗体本身/综合应用

其它

报表打印

报表设计

高级报表

模块/函数/VBA/API/系统

VBA基础

内置函数

调试/跟踪/Debug

模块/类模块

API/COM/系统相关

字符数字日期

网络通信游戏

加密解密安全

文件处理

经典算法

宏/菜单/工具栏/功能区

宏/脚本

菜单/工具栏

功能区/Ribbon

图表/图形/图像/多媒体

图表

图形/图像

音频

视频/动画

DAO/链接表/ADO/ADP

DAO/链接表/ODBC

ADO/RDO

ADP

ActiveX/第三方控件/插件

Treeview树控件

ListView列表控件

Toolbar工具栏控件

微软其它控件

Dbi-Tech

CodeJock

Grid++Report

FastReport

ComponentOne

加载项/插件/Addin

OFFICE集成/导入导出/交互

Excel导入导出/交互

Word导入导出/交互

PPT交互

Outlook控制/邮件

Text文本文件/INI/CSV

PDF/SWF/XML格式

CAD格式

Sharepoint/其它Office

SqlServer/其它数据库

表

视图

存储过程/触发器

函数

用户/权限/安全

调试/维护

SqlServer其它/综合

发布/打包/文档/帮助

开发版/运行时

打包/发布/部署

开发文档/帮助制作

Access完整行业系统

采购管理系统

销售管理系统

仓库管理系统

人力资源管理HRM

CRM管理系统

MRP/ERP管理系统

BRP/流程优化

其它管理系统

心得/经验/绝招
其它/杂项
Excel技巧

Excel应用与操作

Excel开发编程

Word技巧

Word应用与操作

Word开发编程

Outlook技巧

Outlook应用与操作

Outlook开发编程

热门文章

  • RichTextBox无法..
  • TreeView控件使用教..
  • 注册ActiveX控件的几..
  • Access控件焦点获得的..
  • 第三方ActiveX控件L..
  • Access的Treevi..

最新文章

  • 在Access中使用Fon..
  • 完美解决“无法装载这个对象..
  • 快速学习Treeview树..
  • 一个可免注册的Access..
  • Access如何添加引用及..
  • 锐浪报表(Grid++Re..

联系方式

Access交流网(免费Access交流)

QQ:18449932 

网  址:www.access-cn.com

当前位置:首页 > 技巧 > ActiveX/第三方控件/插件
ActiveX/第三方控件/插件

The Kill-Bit FAQ: Part 2 of 3

原文: http://blogs.technet.com/b/srd/archive/2008/02/07/the-kill_2d00_bit-faq_3a00_-post-2-of-3.aspx

It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the second part of our three-part Kill-Bit FAQ.

The Kill-Bit FAQ – Part 2 of 3

How do ActiveX Controls, OLE Controls, and COM Objects relate?

An ActiveX control is an OLE control that is intended to be used inside a web browser. Likely an ActiveX control is marked Safe for Scripting and Safe for Initialization as well as being packaged to be installed via Authenticode. More information on the difference between OLE and ActiveX controls is available here.

All ActiveX / OLE controls are COM objects, but not vice versa. ActiveX / OLE controls are built on COM and implement a required minimum set of interfaces in order to operate properly within any OLE container. More information on the requirements that a COM object must meet in order to be considered a valid OLE control can be found here.

ActiveX Controls, OLE Controls, and COM Objects all can be instantiated in IE with an OBJECT tag or through script (“new ActiveXObject”, etc.) All are subject to Safe for Scripting, Safe for Initialization and the Kill-Bit.

Will IE host any ActiveX Control, OLE Control, or COM Object?

Sort of. Prior to MS05-052, IE treated all COM objects equally. Any registered COM object could be instantiated within the browser just as long as the Kill-Bit wasn’t in place for its CLSID. Safe for Scripting and Safe for Initialization would be verified only after instantiation as particular operations were attempted on the object. Think about it – there’s no way to call into a control’s implementation of IObjectSafety without actually instantiating the control!

In MS05-052, IE made a change that affects the way controls are instantiated in the Internet zone. The IObjectSafety check is now frontloaded so that IE can determine control safety status quickly and abort instantiation as soon as a control is identified as unsafe. Extra unnecessary probing of COM objects upon instantiation was a contributing factor to the exploitability of many COM object instantiation bugs. Control authors can set the compatibility flag value of 0x00800000 on their controls to opt-out of this new behavior if necessary.

How does the Kill-Bit interact with “Safe for Scripting” and “Safe for Initialization” (SFS / SFI)?

The Kill-Bit trumps SFS / SFI. If a control has the Kill-Bit, it just won’t load within Kill-Bit aware applications, period.

If I Kill-Bit my vulnerable object / control, should I still release a fixed version?

If you are releasing a Kill-Bit for a vulnerable object, it makes sense to issue a code fix as well. A code fix will mitigate the threat posed by environments that provide an attack scenario through which the vulnerability can be exploited yet do not support the Kill-Bit. If you do release a fixed version as well as a Kill-Bit, make sure to give the control a new CLSID and issue a “Phoenix-Bit” (see below) as necessary if the update control must operate within Kill-Bit aware environments.

What is the “Phoenix-Bit” a.k.a. AlternateCLSID?

Since a Kill-Bit completely prevents a control from loading in the browser, there needs to be a way to safely revise a control without breaking web content that references the killed CLSID. The Phoenix-Bit does this – it allows control developers to kill the vulnerable CLSID and transparently redirect requests for the old CLSID to a new CLSID. The name “Phoenix-Bit” honors the mythical Phoenix bird known for its regenerative ability.

When verifying that a CLSID has or has not been killed, MSHTML will check to see whether an alternate CLSID has been provided for use in place of a killed CLSID. This will allow pages or Kill-Bit aware applications that have not been revised to refer to the new CLSID and still function.

To implement the Phoenix-Bit, add an “AlternateCLSID” string value to the killed CLSID under the ActiveX Compatibility key. The Phoenix-Bit requires that the Kill-Bit is also set. Example:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\

{CLSID of killed ActiveX control}, Compatibility Flags, 0x0400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\

{CLSID of killed ActiveX control}, AlternateCLSID, “{CLSID of alternate ActiveX control}”

clip_image002

 

Warning - Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Modify the registry at your own risk.

The alternate CLSID requires the curly braces. It is possible to chain redirects up to ten levels deep.

The Phoenix-Bit was introduced in IE6 SP1 and was backported to downlevel versions (5.01 and 5.5) in 2003. It is supported on all fully patched versions of IE >= 5.01.

If I implement the Phoenix-Bit should the control still support the old CLSID?

If the control is intended to be hosted outside of IE, then yes. In that case the control should support both the old CLSID and the new CLSID. Otherwise, hosts that do not understand or honor the Phoenix-Bit will be broken if they reference the control by the old CLSID.

Are there any alternatives to the Phoenix-Bit?

Ditching your control’s existing CLSID may be difficult if the CLSID is hard-coded in many web pages. The recommended solution to this problem is the Phoenix-Bit (see above). Besides the Phoenix-Bit, there are a few potential alternate solutions you may want to investigate:

  • TreatAs is similar to the Phoenix-Bit but applies to any client of a particular object rather than just MSHTML or other Kill-Bit / Phoenix-Bit aware applications. Set TreatAs like this: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSID}\TreatAs = <CLSID_TreatAs> 
    TreatAs is documented here.
  • It may not be necessary to Kill-Bit a vulnerable object if it was never shipped as a signed DLL / OCX, within a signed CAB, or within a signed executable installer. In the absence of a signed package it won’t be possible for a web page to foist an old / vulnerable signed control onto users as described above (see “Why does my vulnerable control / object need a Kill-Bit?”).
  • Software publisher certificate revocation.
  • It may be possible to effectively kill a control by making a change to the underlying platform that breaks the older control while still allowing the new control to load properly. The change would need to affect the control’s ability to load before the potential vulnerability can be exploited. For example, imagine that setting a particular registry key to an invalid value causes a control to abort before initializing. Setting this key could effectively block the old / vulnerable versions of the control from loading while a new / fixed version of the control could ignore the invalid value.#p#分页标题#e#
  • Internet Explorer has implemented a mechanism to block download / installation of specific signed binaries based on their hash. Hashes are stored under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\Restriction Policies\Hashes.
  • Administrators can use the Administrator Approved Controls feature to provide a list of specific controls that will run.

Is there an easy way for users to block ActiveX controls in Internet Explorer without setting a Kill-Bit?

Yes, the Add-on Manager in XP SP2 and above allows users to easily disable specific ActiveX controls in Internet Explorer. It’s worth mentioning though that this is not technically equivalent to setting a Kill-Bit. So for example, Windows applications that respect the Kill-Bit to block ActiveX controls may or may not respect the Add-on Manager settings.

- Security Vulnerability Research & Defense Bloggers

*Postings are provided "AS IS" with no warranties, and confers no rights.*

发布人:admin  
分享到:
点击次数:  更新时间:2013-10-01 21:07:59  【打印此页】  【关闭】
上一条:The Kill-Bit FAQ: Part 3 of 3  下一条:The Kill-Bit FAQ: Part 1 of 3



相关文章

  • • 在Access中使用Font Awesome字符图标
  • • 完美解决“无法装载这个对象”的困扰
  • • 快速学习Treeview树状控件的详细教程
  • • 一个可免注册的Access增强控件库
  • • Access如何添加引用及调整引用的顺序
  • • 锐浪报表(Grid++Report)的一些开发技巧
  • • Grid++Report 锐浪报表开发常见问题解答集锦
  • • RichTextbox控件RTF(富文本格式)的使用及常用语法

热门文章

  • [2008-12-29] 第三方ActiveX控件License控制的一个漏洞access数据库
  • [2004-01-07] 在VB通过vsreport使用ACCESS的报表access数据库
  • [2013-10-01] Access中使用TreeView 树形控件 详细讲解(Excel Word Office都可access数据库
  • [2013-10-01] The Kill-Bit FAQ: Part 2 of 3access数据库
  • [2006-09-16] 三小时掌握TREEVIEW控件access数据库
  • [2009-04-18] TreeView控件使用教程2access数据库

热门产品

公司动态|在线留言|在线反馈|友情链接|会员中心|站内搜索|网站地图

Access交流网 版权所有 1999-2018 粤ICP备10043721号

QQ:18449932

Access应用 Access培训 Access开发 Access平台

access|数据库|access下载|access教程|access视频|access软件

Powered by MetInfo 5.3.12 ©2008-2023  www.metinfo.cn