Access编程交流网
  • 设为首页|收藏本站|繁体中文|手机版
  •     
  • Access培训-Access开发平台-Access行业开发

  • 首页
  • 资讯
  • 技巧
  • 源码
  • 行业
  • 资源
  • 活动
  • 关于

技巧

ACCESS数据库

启动/设置/选项/背景

修复/压缩

安全/加密/解密

快捷键

版本升级/其它等

数据表

命名方式/设计规范

表设计

查询

Sql语言基础

选择查询

更新查询

删除查询

追加查询

生成表查询

交叉表查询

SQL特定查询

查询参数

查询综合应用

界面/窗体/控件

标签

文本框

命令按钮

组合框/列表框

选项组/复选框/选项按钮

选项卡

子窗体

窗体本身/综合应用

其它

报表打印

报表设计

高级报表

模块/函数/VBA/API/系统

VBA基础

内置函数

调试/跟踪/Debug

模块/类模块

API/COM/系统相关

字符数字日期

网络通信游戏

加密解密安全

文件处理

经典算法

宏/菜单/工具栏/功能区

宏/脚本

菜单/工具栏

功能区/Ribbon

图表/图形/图像/多媒体

图表

图形/图像

音频

视频/动画

DAO/链接表/ADO/ADP

DAO/链接表/ODBC

ADO/RDO

ADP

ActiveX/第三方控件/插件

Treeview树控件

ListView列表控件

Toolbar工具栏控件

微软其它控件

Dbi-Tech

CodeJock

Grid++Report

FastReport

ComponentOne

加载项/插件/Addin

OFFICE集成/导入导出/交互

Excel导入导出/交互

Word导入导出/交互

PPT交互

Outlook控制/邮件

Text文本文件/INI/CSV

PDF/SWF/XML格式

CAD格式

Sharepoint/其它Office

SqlServer/其它数据库

表

视图

存储过程/触发器

函数

用户/权限/安全

调试/维护

SqlServer其它/综合

发布/打包/文档/帮助

开发版/运行时

打包/发布/部署

开发文档/帮助制作

Access完整行业系统

采购管理系统

销售管理系统

仓库管理系统

人力资源管理HRM

CRM管理系统

MRP/ERP管理系统

BRP/流程优化

其它管理系统

心得/经验/绝招
其它/杂项
Excel技巧

Excel应用与操作

Excel开发编程

Word技巧

Word应用与操作

Word开发编程

Outlook技巧

Outlook应用与操作

Outlook开发编程

热门文章

  • EXE修改安全级别并启动A..
  • ACCESS用代码如何压缩..
  • ACCESS数据库的安全系..
  • 在Access Table..
  • Access设置宏的安全等..
  • 保护Access 2000..

最新文章

  • Access提示“操作或事..
  • Access设置宏的安全等..
  • 在安全补丁Security..
  • 【技巧】如何让Access..
  • 以前流行的4种Access..
  • ACCESS使用链接表共享..

联系方式

Access交流网(免费Access交流)

QQ:18449932 

网  址:www.access-cn.com

当前位置:首页 > 技巧 > ACCESS数据库 > 安全/加密/解密
安全/加密/解密

在安全补丁Security Advisory 960715 更新之后 ACCESS或Visual B

在安全补丁Security Advisory 960715 更新之后 ACCESS或Visual Basic 6 停止工作 

原文:  http://blogs.msdn.com/b/vsod/archive/2009/06/05/visual-basic-6-controls-stop-working-after-security-advisory-960715.aspx

Visual Basic 6 Controls stop working after Security Advisory 960715

 
Summary of the issue: After installing security advisory 960715 and opening a workbook with one of Visual Basic 6 ActiveX controls embedded in the workbook you receive an error:
“Object library invalid or contains references to object definitions that could not be found” or “Element not found.”
See Microsoft security bulletin MS08-070 article 932349 for more information regarding this error:
MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) could allow remote code execution.
Please refer to the “Known issues with this security update” in the “More Information” section.
<<<Update 4th March 2010: Begin>>>
 
It is important to remember that the security update stated in this blog, 960715, will be included in all subsequent Cumulative Updates of ActiveX Kill Bits. Check the Frequently Asked Questions of the CU KB article that’s affecting you to see if it is included.
 
<<<Update 4th March 2010: End>>>
Cause: The security advisory listed above sets the kill bit for the following Visual Basic 6 ActiveX controls.
The VB6 controls affected are:
File Name Control Name  Class Identifier (CLSID)
Comct232.ocx  Windows Common Controls {1E216240-1B7D-11CF-9D53-00AA003C9CB6}
Mschrt20.ocx  Chart Control (OLEDB) {3A2B370C-BA0A-11d1-B137-0000F8753F5D}
Mscomct2.ocx  Windows Common Controls-2  {B09DE715-87C1-11d1-8BE3-0000F8754DA1}
Msdatgrd.ocx  DataGrid Control 6.0 (OLEDB) {cde57a43-8b86-11d0-b3c6-00a0c90aea82}
Msflxgrd.ocx  FlexGrid Control 6.0 {6262d3a0-531b-11cf-91f6-c2863c385e30}
Mshflxgd.ocx  Hierarchical FlexGrid Control {0ECD9B64-23AA-11d0-B351-00A0C9055D8E}
Msmask32.ocx  Masked Edit Control {C932BA85-4374-101B-A56C-00AA003668DC}
MSWinsck.ocx Winsock Control 6.0 {248dd896-bb45-11cf-9abc-0080c7e7b78d}
Theses kill bits were necessary because of security vulnerabilities found within these controls and addressed in Microsoft security bulletin MS08-070 http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
 
To ensure that the correct ActiveX control is being used Microsoft had disabled the particular GUID or “kill bit” the control. Setting the kill bit makes sure that even if a vulnerable component (i.e. malicious code) is introduced or is re-introduced to a system, it remains inert and harmless. Kill-Bits must be issued to prevent old / vulnerable signed versions of controls from being effectively imposed on users. Even if you have a fixed version of the control on your system, a renamed and signed DLL or OCX served from a malicious web page can revert the machine to an insecure state. The software vendor cannot just update the control with the same GUID because there is no way ensure that control in use is the updated control.
For more information about the kill bit for ActiveX controls, see the following Microsoft Security Vulnerability Research & Defense Blog posts:
The Kill-Bit FAQ: Part 1 of 3 
http://blogs.technet.com/swi/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx
The Kill-Bit FAQ: Part 2 of 3 
http://blogs.technet.com/swi/archive/2008/02/07/The-Kill_2D00_Bit-FAQ_3A00_-Post-2-of-3.aspx
The Kill-Bit FAQ: Part 3 of 3 
http://blogs.technet.com/swi/archive/2008/02/08/The-Kill_2D00_Bit-FAQ_3A00_-Part-3-of-3.aspx
To resolve this issue you must update the development computer with updated controls and then update the controls on the client computer. Please see step by step instructions below.
On Development Computer
1. Install the Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Updatehttp://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=cb824e35-0403-45c4-9e41-459f0eb89e36
2. Delete the cached versions of the control type libraries (extender files). To do this, search your hard drive for ".exd," and delete all the .exd files. The .exd files will be re-created automatically using the new controls the next time that you use VBA. The extender files will reside under the users profile and may reside in multiple locations such as:
C:\documents and settings\username\Application Data\Microsoft\Forms
C:\documents and settings\username\AppData\Local\Temp\VBE
Note that you can search the "HKEY_CLASSES_ROOT\TypeLib" key in the registry using the search term "exd" to find the locations where the extender files reside.
3. Open the Excel workbook with the ActiveX control.
4. Open the Visual Basic Editor and under Debug click “Compile VBAProject”
5. Then save and redeploy the updated workbook
Note: If you do not recompile the project on the development computer that has a design time license for the control. When you open the open the workbook on a client computer you will receive the following error “License information for this component not found. You do not have an appropriate license to use this functionality in the design environment.” This is because the runtime time license is stored with the ActiveX control within the workbook and by re-compiling the control on the development computer the run time license is correctly updated.
On Client Computer
1. Delete the cached versions of the control type libraries (extender files). To do this, search your hard drive for ".exd," and delete all the .exd files. The .exd files will be re-created automatically using the new controls the next time that you use VBA. The extender files will reside under the users profile and may reside in multiple locations such as:
C:\documents and settings\username\Application Data\Microsoft\Forms
C:\documents and settings\username\AppData\Local\Temp\VBE
Note that you can search the "HKEY_CLASSES_ROOT\TypeLib" key in the registry using the search term "exd" to find the locations where the extender files reside.
2. Download the update control from the URL associated with the problem control into a browser window (see list below).
COMCT232.OCX - http://activex.microsoft.com/controls/vb6/comct232.cab 
MSCHRT20.OCX - http://activex.microsoft.com/controls/vb6/mschrt20.cab 
MSCOMCT2.OCX - http://activex.microsoft.com/controls/vb6/mscomct2.cab 
MSDATGRD.OCX - http://activex.microsoft.com/controls/vb6/msdatgrd.cab 
MSFLXGRD.OCX - http://activex.microsoft.com/controls/vb6/msflxgrd.cab 
MSHFLXGD.OCX - http://activex.microsoft.com/controls/vb6/mshflxgd.cab 
MSMASK32.OCX - http://activex.microsoft.com/controls/vb6/msmask32.cab 
MSWINSCK.OCX - http://activex.microsoft.com/controls/vb6/mswinsck.cab
3. When prompted, choose to Save the file to client computer.
4. Extract the files from the .CAB
5. Browse to the location of the extracted files.  Right-click on the .INF file, 
and choose 'Install' (this should take a matter of a couple of seconds and there 
will be no confirmation message)
6. Click on Start, then Run, type in 'regsvr32 <OCXNAME>.ocx' (excluding quotes, 
substituting the name of the control that was just installed) and click on 'OK'.
7. A message stating the 'DllRegisterServer in <controlname>.ocx succeeded.'  
Click 'OK'.
8. Open the re-complied workbook to ensure that the control is working.
Other options
There are two additional workarounds
1. Remove the kill bit for the ActiveX control; this means that the security vulnerabilities are still exposed. (this is not recommended)
2. To remove the AlternateCLSID and keep the Kill Bit; this will cause the control not to load.
When security advisory 960715 is applied, the following two registry keys are added for each control listed above. Example:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{CLSID of killed ActiveX control}, Compatibility Flags, 0x0400
*This is the actual Kill Bit, 0x400, which is “COMPAT_EVIL_DONT_LOAD” which means the control is never used.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{CLSID of killed ActiveX control}
This registry key is referred to as the Phoenix-Bit, a.k.a AlternateCLSID. Since a Kill-Bit completely prevents a control from loading, this key points to the updated controls GUID.
Workaround one
Change the Compatibility Flags to 0x00800000 which means Safe for Loading. The information regarding Compatibility Flags can be found at http://msdn.microsoft.com/en-us/library/aa768234.aspx
Workaround Two
Remove the AlternateCLSID registry key, this will remove the control from the form.
*With both of these workarounds, once you install the check security advisory, you must make the same changes again because registry keys revert to the Kill bit behavior.
 
 
 
 
 
 
 
 
 
(Author: Lee Kohrman)

发布人:录入员-网络  
分享到:
点击次数:  更新时间:2013-10-01 22:37:42  【打印此页】  【关闭】
上一条:ACCESS丢失MDW,还能还原用户与用户组及权限相关信息吗  下一条:Access2010使用Treeview出现问题的解决办法(适合32位及64位)



相关文章

  • • Access提示“操作或事件已被禁用模式阻止“解决办法
  • • Access设置宏的安全等级
  • • 【技巧】如何让Access更加安全
  • • 以前流行的4种Access数据库安全方式
  • • ACCESS使用链接表共享数据库的安全性案例探讨
  • • 自动降低安全级和选项卡设置示例
  • • 建立Access 数据库的安全门

热门文章

  • [2009-09-03] ACCESS使用链接表共享数据库的安全性案例探讨access数据库
  • [2013-08-09] 【技巧】如何让Access更加安全access数据库
  • [2014-03-03] Access设置宏的安全等级access数据库
  • [2004-08-18] Access数据库安全例子access数据库
  • [2006-08-25] ACCESS用代码如何压缩与修复带有安全机制工作组的后台文access数据库
  • [2008-11-10] 建立Access数据库的安全门access数据库

热门产品

公司动态|在线留言|在线反馈|友情链接|会员中心|站内搜索|网站地图

中山市天鸣科技发展有限公司 版权所有 1999-2023 粤ICP备10043721号

QQ:18449932

Access应用 Access培训 Access开发 Access平台

access|数据库|access下载|access教程|access视频|access软件

Powered by MetInfo 5.3.12 ©2008-2025  www.metinfo.cn