Office XP Bug Opens System to Outsiders
By David Worthington | Published July 12, 2001, 4:04 PM
UPDATED: Since its introduction, Microsoft's ActiveX technology has been plagued by a seemingly endless flow of security vulnerabilities, and the latest flaw, discovered by famed bug-hunter Georgi Guninski, does nothing to soften its bug-laden image. This time the culprit is the Microsoft Outlook View Control, an ActiveX control that ships with Office: a malicious web page or e-mail that embeds it can run arbitrary commands on the victim's machine. Although it was first reported that only Office XP was vulnerable, Microsoft has since issued a security bulletin stating that all versions of Outlook, including Outlook 98, are affected.
According to Guninski's findings, "If a user visits a specially designed HTML page with IE or opens or previews a message with Outlook XP arbitrary commands may be executed on his computer." The problem is the control's Selection property: it hands the page's script a live view of Outlook's object model, so an intruder can read, modify, or delete messages in Outlook's folders and, through the Outlook Application object, reach the CreateObject method that lets the page go beyond mail and launch commands on the system.
Guninski contacted Microsoft with his findings on July 9. He has set up a demonstration page that shows the problem without harming the visitor's system, and a detailed advisory with further information on the bug. Guninski also offered his own solution for Outlook users: uninstall Office XP and Windows.
When asked for comment, a Microsoft representative told BetaNews, "Our efforts to protect customers are being impeded by the irresponsible way the person who discovered the vulnerability is handling it. Rather than working with Microsoft, he has chosen to deliberately publicize the issue before a patch could be developed." A patch is under development and, according to Microsoft, will be released shortly.
wouldn't:
cd \program files\Microsoft Office\Office10
regsvr32 /u OUTLCTL.DLL
do the job nicely?
you could probably even delete outlctl.dll if you wanted.
Score: 0
|I believe that Microsoft should fix a particular app so it is as bug-free, stable, and secure as it could get. Then, and only then, should they add new features a little bit at a time to improve the application. MS is a "professional" company, but they sure don't work like one...
MS Discussion @...
http://www.linkwall.com/cgi-bin/yabb/YaBB.cgi
Score: 0
|I got a prompt asking if I wanted IE to allow the ActiveX (Windows 2000 SP2, Office XP, IE 6 BETA 2501).
I use Opera normally (nothing happened as expected :)
I think that Guninski alerted everyone a little early on this one. It isn't really a bug; in fact I can see how this would actually be very handy for businesses for remote access to an account via a web browser! Also I find his "solution" very childish; implying to people who will be worried about this that Windows is the problem is stupid.
Just edit your security settings to High/Medium (as all should already have it!) and you will get prompted :)
Score: 0
|yes, but wtf does it need the createobject method for ?
Score: 0
|After reading all the posts, I imagined it would never work on my portable, but it did work very well. That's just what I want MS to protect my buns from. If someone with not-too-good intentions changes a little here and a little there, then you won't even notice it when someone sticks his nose inside your computer. And I thought Windows 2000 was safe.
// Windows 2000 with SP2 and no hotfixes - and Office XP
Score: 0
|I could not even get his own demonstration to work on any one of the three different Windows systems I am running. All you have to do is disable the ActiveX controls in IE, which has been known for around a year or so now. Maybe he should stay in Bulgaria and teach security there, because this finding proves nothing.
Score: 0
|It works on my Office XP- horrible
Score: 0
|When I tried it, it asked me if I wanted to download a signed ActiveX program, and I agreed to it. I don't think this is a bug, but a feature. It didn't seem like you could do something without the person's permission (i.e. I had to download it first).
Score: 0
|I tried it in WindowsXP and the page does nothing.
Your point about it asking to install the ActiveX component just proves this guy is making a bigger deal out of it than he should. In fact his solution is to remove Windows. What a joke.
Score: 0
|XP RC1, Office XP Pro
You can disable, set to prompt, run all or none...
Go to Tools, Internet Options, Security. Select Internet & Custom Level.
Go down to Run ActiveX Controls and Plug-ins. Set this to Prompt and you will be prompted if you want it to run. Set it to Administrator approved and none will run.
I have not found where the Admin can approve the ones to run, but I'll keep looking.
Score: 0
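Two workarounds recur in this thread: unregistering OUTLCTL.DLL with regsvr32 /u (the first reply) and setting IE's "Run ActiveX controls and plug-ins" option to Prompt or Administrator approved (the XP RC1 reply just above). The PowerShell script below is an added example, not part of the article, the thread, or Guninski's advisory; it checks both from the registry and can set IE's kill bit on whichever CLSIDs point at outlctl.dll, which stops IE loading the control without unregistering it for Outlook itself. Assumptions: the DLL name comes from the thread; the Zones\3 value 1200 and the 0x400 "Compatibility Flags" kill bit are IE's documented mechanism; the function names are the example's own. PowerShell did not exist in 2001, so this is a present-day check of the same settings.

```powershell
# Added example: audit the Outlook View Control workarounds discussed in the thread.
# Assumptions are labelled inline; nothing here is the article's or Microsoft's code.
param(
    [string]$DllName = 'outlctl.dll',   # file name as given in the thread
    [switch]$SetKillBit                 # opt in to writing HKLM (needs admin rights)
)

# 1. Which COM classes are still served by the DLL? Walk HKCR\CLSID and compare the
#    InprocServer32 default value's file name; no CLSID is hard-coded here.
function Get-ClsidsForDll {
    param([string]$Name)
    $found = @()
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($server -and $server.'(default)') {
                # Paths may be quoted; strip quotes before taking the file name.
                $path = $server.'(default)'.Trim('"')
                if ([IO.Path]::GetFileName($path) -ieq $Name) { $found += $_.PSChildName }
            }
        }
    return $found
}

# 2. How is "Run ActiveX controls and plug-ins" set for a zone? Value name 1200:
#    0 = Enable, 1 = Prompt, 3 = Disable, 0x10000 = Administrator approved.
#    Zone 3 is Internet, zone 4 is Restricted sites; settings are per user (HKCU).
function Get-ActiveXRunSetting {
    param([int]$Zone = 3)
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $value = (Get-ItemProperty -Path $key -Name '1200' -ErrorAction SilentlyContinue).'1200'
    switch ($value) {
        0       { 'Enable (controls run silently)' }
        1       { 'Prompt' }
        3       { 'Disable' }
        65536   { 'Administrator approved' }
        default { "Unknown or not set ($value)" }
    }
}

# 3. Kill bit: IE refuses to instantiate a CLSID whose Compatibility Flags has 0x400 set.
#    Unlike regsvr32 /u this leaves the control registered for other applications.
function Set-KillBit {
    param([string]$Clsid)   # including braces, as stored under HKCR\CLSID
    $key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value 0x400 -Force | Out-Null
}

$clsids = Get-ClsidsForDll -Name $DllName
if ($clsids.Count -eq 0) {
    "No CLSID currently points at $DllName (control unregistered, or Office not installed)."
} else {
    "CLSIDs served by ${DllName}:"
    $clsids | ForEach-Object { "  $_" }
    if ($SetKillBit) {
        $clsids | ForEach-Object { Set-KillBit -Clsid $_; "  kill bit set for $_" }
    }
}
"Internet zone 'Run ActiveX controls and plug-ins': $(Get-ActiveXRunSetting -Zone 3)"
"Restricted sites zone 'Run ActiveX controls and plug-ins': $(Get-ActiveXRunSetting -Zone 4)"
```

Run it without switches first to see what is registered and how the zones are set; add -SetKillBit from an elevated prompt to block the control in IE. The zone check reports the current user's settings only, so on a multi-user machine each profile needs checking, and a Prompt setting is only as good as the user's answer to the prompt, which several posters above show they answered with "yes".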
|Can't you do this w/ CDO and any version of Outlook? Just curious.
Score: 0
|It works on Outlook 98 upwards apparently, so yes, I assume the problem started when CDO was born.
Dunno why it's taken people 3 years to find the problem though.
Score: 0
|Hmm, although you don't actually need CDO installed for it, or Visual Basic Script support.
Score: 0
|it worked on my comp with windows 2000 and outlook 2000
Score: 0
|This worked on my 98 box with ie6 office 2k and XP RC1 with Office2k.
I tried to issue a delete command and was unsuccessful in doing so without asking the user if they wanted to do so.
I was able to spawn a reply message, but the user has to send it.
These are functions designed for Online Calendar, and so are not exactly a bug... Guninski, I think, jumped the gun.
Score: 0
|Tried it on two different machines running W2K + IE55SP1 fully patched + Office XP Professional (RTM, not beta).
I get Error: 'sel' is null or not an object.
Maybe the press should uninstall Georgi Guninski. He's getting a little too dramatic to be anything but an attention-starved geek.
Score: 0
|Could be the location of where Office XP was installed, or maybe you are just lucky. Demonstration worked perfectly for me (unfortunately so, I guess).
Score: 0
|I don't know what's worse - the fact that software can ship with huge security holes like this, or how easy it is to exploit them. I hope Microsoft releases a patch in a day or two and starts shipping the update with later retail copies of Office XP.
Score: 0
|Solution:
Uninstall Office XP and Windows.
Regards,
Georgi Guninski
http://www.guninski.com
Score: 0
|So you think he is trying to put Microsoft out of business because he looks for bugs in their software? He has found bugs in plenty of non-Microsoft software also. Anyway, if there were no bugs it wouldn't be a problem in the least bit.
Score: 0
|I think Georgi was simply pointing out that with no fix available, the only workaround is to uninstall Office XP. But he does seem to be taking the fact that it exists in software he paid for a little too far.
Score: 0
|So what you're saying is that the only way to work around a bug in one program is to uninstall the whole system? Interesting ... My door can be broken into, hence the solution is not to buy a better door but to tear down the house.
Score: 0
|Not the whole system, just Office XP. As there is no fix as of yet, the only solution is to remove Office XP - or just be careful to which sites you browse.
Score: 0
|But what if the house was built by a criminal? What else is hidden in his handiwork? Wouldn't you want to tear it down?
-8vO
Score: 0
|There must be bugs, how else can Microsoft justify "upgrades" we all know that the last three were nothing more than bug fixes .. We also know their form of innovation includes violating the law, and taking food from others mouths ..
-8vO
Score: 0
|Great!!!
Score: 0
|Read Georgi's page. It says that the solution is to uninstall Office AND Windows. I believe that someone knowledgeable enough to find the bug (look at the code; I have no idea why an Application object exposes a CreateObject method) would know what the problem is. Georgi's credibility went out the window because of his obvious hate of anything that has Microsoft on it.
Score: 0
|That is so stupid Avito it really doesn't even deserve my response.
Score: 0
|How is it stupid? They are *Convicted Criminals* .. They continue to commit crimes expecting the rest of the world to sit idle while they screw every single one of us .. You wouldn't want to know what else may be exploitable in your house if it was built by a convicted criminal, and was already broken into on multiple occasions? Now HOW STUPID IS THAT?
-8vO
Score: 0
|:)))) AT&T is a convicted criminal too. But they still continue to sell long distance phone service which I am sure can be tapped without you knowing it. LAPD is a convicted criminal but they still continue to run the law enforcement. McDonalds is a convicted criminal but they still sell their burgers and coffee. If you feel like you're not using anything that was made by a company that lost a lawsuit, think again. This "issue" is a problem between the chair and the keyboard; if someone says "Yes, install anything you want on my box and never ever ask me again, just install it all" then it's not really Microsoft's fault. ActiveX is not a security threat. If you think so then you have to admit that a ZIP file with an executable in it is a security threat and that CD-ROMs are security threats because they allow people to run programs without any restrictions (at least ActiveX controls have to be signed to be allowed to run).
Score: 0
|It worked here with Windows 2000 Professional and Office XP. I will now go and restrict ActiveX and see what happens.
Score: 0
|Yep, just change the custom settings to at least Prompt to run an ActiveX control/plug-in. This should work until M$ comes up with a fix.
Score: 0
|So he dislikes Microsoft, big deal. So do I. So do most people I know. He based his comment on his previous experiences with Windows and now Office. Additionally, this bug isn't directly related to Office, ActiveX is part of Windows. Most other operating systems, such as Linux, don't have ActiveX and really don't need it, so this type of vulnerability would not even be possible.
Score: 0
|SOOO .. If McDonalds was convicted of selling burgers with bad meat to its customers on multiple occasions, you would still eat there?
-8vO
Score: 0
|lol, not too much of a difference. Bad meat the customer doesn't want. Generally people DO want what Microsoft has to offer.
you're funny - as usual!
Score: 0
|Funny, most people I know use MS products because they don't feel there is a viable alternative, some don't even know alternatives exist .. They all use MS because (and I hear this a LOT) That's all there is ..
Others are afraid that it's too difficult (Modern Linux is in no way difficult)
-8vO
Score: 0
|If you feel like this is only a Windows issue, take a look at the XPCOM component in Mozilla (it basically is ActiveX technology, but without the little security ActiveX has). And ActiveX isn't anything else than good ol' COM, which is the same concept as CORBA. I just like M$ haters that think that only Windows and anything M$ is bad :)
Score: 0