SolidWorks sldimdownload ActiveX control security vulnerability

Discussion in 'SolidWorks' started by pope, Apr 16, 2007.

  1. pope

    pope Guest

    I searched on this group for a message about this SW security
    vulnerability and didn't find it. You can read about it at
    http://solidworks.com/pages/services/Tech_Tips/CERT_VU556801.html and
    it is reproduced below:

    SolidWorks Technical Tip

    SolidWorks sldimdownload ActiveX control security vulnerability

    Level: Beginner

    Solution ID: S-014446

    Category: Administration, Installation

    Products/Version: SolidWorks 2007

    Last revised: April 5, 2007

    SolidWorks has recently been made aware of a security vulnerability in
    an ActiveX control on the SolidWorks website that is used to help
    customers download the latest version of SolidWorks.

    SolidWorks has modified this control to remove the security
    vulnerability. However, customers may need to take an action to
    eliminate the risk entirely.

    Who is affected? Customers that have downloaded SolidWorks from the
    SolidWorks support website using the SolidWorks installation manager
    during the 2007 release cycle. Customers who have not downloaded
    SolidWorks or SolidWorks patches during the 2007 release cycle are not
    affected. Customers who have used the 'manual' method of downloading
    SolidWorks files are not affected.

    What is the vulnerability? To start the installation process, a small
    control is loaded in the customer's browser to initiate the download.
    This control had a vulnerability that could, under certain
    circumstances, be used to gain access to a user's computer. In order
    to do this, the user would have to be tricked into browsing to a
    specially crafted website that was designed to take advantage of this
    vulnerability. SolidWorks is aware of no incidents of this type
    occurring.

    We believe the risk of this occurring is low.

    What should a SolidWorks user do? If you believe you are affected, we
    strongly recommend that SolidWorks customers take action to eliminate
    even the slightest risk of this issue occurring.

    To eliminate this risk, we recommend one of the following two options:

    1. Upgrade the ActiveX control. To do this, go to
    c:\windows\downloaded program files (replace c:\windows as necessary
    for your operating system location). Right click on sldimdownloadiface
    and select update. This will update your control with the latest
    version, and eliminate the risk.

    OR

    2. Remove the ActiveX control. To do this, go to c:\windows\downloaded
    program files (replace c:\windows as necessary for your operating
    system location). Right click on sldimdownloadiface and select remove.
    This will remove the control and eliminate the risk.
     
    pope, Apr 16, 2007
    #1
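An administrator who needs to know which machines still carry the control before applying either option can inventory it from PowerShell. This is an added example, not part of the SolidWorks tech tip or the original post; it only reads, and it assumes the control's registered name, file names or download codebase contain the string "sldimdownload" (the name shown in the advisory).

```powershell
# Added example: read-only inventory of the sldimdownload ActiveX control.
# Assumption: the control's registered name, files or codebase contain this string.
$pattern = 'sldimdownload'

# Internet Explorer records downloaded controls as "distribution units" under these keys.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Code Store Database\Distribution Units'
)

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value is absent; '' reads the default value.
    if (Test-Path -LiteralPath $Key) { (Get-Item -LiteralPath $Key).GetValue($Name) }
}

$registered = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($unit in Get-ChildItem -LiteralPath $root) {
        $key   = "$root\$($unit.PSChildName)"
        $files = @()
        if (Test-Path -LiteralPath "$key\Contains\Files") {
            $files = (Get-Item -LiteralPath "$key\Contains\Files").GetValueNames()
        }
        $codebase = Get-RegValue "$key\DownloadInformation" 'CODEBASE'
        $haystack = @($unit.PSChildName, (Get-RegValue $key ''), $codebase) + $files
        if (($haystack -join "`n") -match $pattern) {
            [pscustomobject]@{
                Source   = 'Registry'
                Id       = $unit.PSChildName
                Version  = Get-RegValue "$key\InstalledVersion" ''
                Codebase = $codebase
                Files    = $files -join '; '
            }
        }
    }
}

# The same control as files on disk (the folder named in both options above).
$dir = Join-Path $env:SystemRoot 'Downloaded Program Files'
$onDisk = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } |
    Select-Object FullName, LastWriteTime, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }

if ($registered -or $onDisk) {
    $registered | Format-List
    $onDisk | Format-List
} else {
    "No control matching '$pattern' found on $env:COMPUTERNAME."
}
```

The version and file timestamps it reports are only a record of what is installed; the advisory does not state which version carries the fix, so a match means the machine still needs one of the two options above.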