Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.basic.visual.misc > #1823
| From | Lars Uffmann <aral@nurfuerspam.de> |
|---|---|
| Newsgroups | comp.lang.basic.visual.misc |
| Subject | mscomctl.ocx and comctl32.ocx invoking third party executables? |
| Date | 2011-02-03 15:53 +0100 |
| Message-ID | <8qvtngFppsU1@mid.dfncis.de> (permalink) |
Hey everyone!
I stumbled upon this behaviour which has me somewhat concerned about
possible exploits:
OS: - WinXP Professional SP3 english
- security patches up to date as of 2011-02-03
Office Version: 2003
When inserting any ActiveX control contained in either mscomctl.ocx or
comctl32.ocx into an office document, the installer of a proprietary
software, that I sadly can not share (as much as I would like to have
someone reproduce this issue) is invoked.
The installer pops up with a "reconfiguring ..." dialog, not allowing
the user any options other than to cancel the process. After that
(aborting or letting it finish), the ActiveX control is inserted into
the document and behaves as expected.
This usually happens twice, after which the control behaves as expected
without invoking that installer. Some times the installer is invoked
twice in a row upon one insertion of ActiveX control, sometimes it
happens a few more times - but mostly the aforementioned two times.
If the window loses focus (does not work with alt-tabbing, does work
with e.g. launching task manager or windows explorer and switching back
to the office application), the unwanted behaviour returns.
The comctl32.ocx on a standard windows xp (SP3) will complain that it's
not licensed properly and not insert the ActiveX component selected,
however, it will still induce the unwanted behaviour of invoking the
third party software installer.
I have checked the file version of mscomctl.ocx before vs. after
installation of that third party software. The md5sum stays the same. I
take that to mean that it is not modified by the installation.
Reproducible with: Microsoft ProgressBar Control 6.0 (SP4), also with
ListView, ImageList and TreeView as well as a couple others, tested in
MS Word, Access, Excel
NOT reproduciple in MS Powerpoint!
***Now my question:*** Can anyone list the means by which an ActiveX
control can invoke some third party software upon first time being loaded?
Given that it does not know about the third party software (and no
dependency), and that this is completely unwanted behaviour, I would
like someone with more understanding than I have to tell me whether this
means that there is a hook in that common control library that will
allow unwanted execution of code, or only installed code, or not at all.
Thank you!
Lars
Back to comp.lang.basic.visual.misc | Previous | Next — Next in thread | Find similar | Unroll thread
mscomctl.ocx and comctl32.ocx invoking third party executables? Lars Uffmann <aral@nurfuerspam.de> - 2011-02-03 15:53 +0100
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? "Mayayana" <mayayana@invalid.nospam> - 2011-02-04 09:35 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? Lars Uffmann <aral@nurfuerspam.de> - 2011-02-04 15:04 +0100
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? "Mayayana" <mayayana@invalid.nospam> - 2011-02-03 12:03 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? GS <gs@somewhere.net> - 2011-02-04 12:44 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? Lars Uffmann <aral@nurfuerspam.de> - 2011-02-04 15:19 +0100
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? "Nobody" <nobody@nobody.com> - 2011-02-04 10:05 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? "Nobody" <nobody@nobody.com> - 2011-02-04 02:58 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? GS <gs@somewhere.net> - 2011-02-03 14:22 -0500
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? Lars Uffmann <aral@nurfuerspam.de> - 2011-02-04 15:16 +0100
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? Lars Uffmann <aral@nurfuerspam.de> - 2011-02-03 17:40 +0100
Re: mscomctl.ocx and comctl32.ocx invoking third party executables? GS <gs@somewhere.net> - 2011-02-03 11:11 -0500
csiph-web