PRB: Image Uploader ActiveX does not load after security update KB953839

Options

Previous Topic Next Topic

Andrew User Profile View All Posts by User View Thanks		#1 Posted : Thursday, August 14, 2008 3:37:55 PM(UTC)
Rank: Advanced Member Groups: Member, Administration Joined: 8/2/2003(UTC) Posts: 876 Thanks: 2 times Was thanked: 27 time(s) in 27 post(s)		Problem overview A number of our customers encounter a problem with Image Uploader ActiveX version after they install Microsoft security update KB953839. This is what we warned about in our multiple emails and blog posts. Probably you already know that in the beginning of this year security specialists discovered several security flaws in Image Uploader. As a result we have released fixed version. But since there is a big number of client computers where old insecure is installed, we decided to "killbit" old versions. Explanations about killbit, why it is necessary and how it works I have described in one of my blog posts. In short, it just means that as soon as killbit is set on a client computer, insecure version of Image Uploader cannot be used anymore, and you need to update it. First of all, killbit is installed when new safe version of Image Uploader is loaded. So those end-users who visit several websites with Image Uploader already faced this issue. But it got really big scale after Microsoft included this killbit to their security updates. Versions affected You may wonder what exact versions are killbitted and when it is necessary to update. Vulnerable (and therefore killbitted) versions are: All builds of 4.x family earlier than 4.7. There is an exception with private-label builds. We started providing private-label customers with safe builds starting from version number 4.6.49. But if you hesitate, please contact us. All builds of 5.0.x family. Safe versions are: Version 4.7.16 and later Version 5.1.10 and later How to update If you are using vulnerable version of 4.x family, you can download 4.7.16 on a legacy download page. License keys of 4.x version will work for it, so this is a free update. If you have version 5.0, just download the latest 5.x from the download page. If you have a private-label version, and it stopped working for some reasons, first of all, try to find your safe version. We did not include private-label version to killbit until we get an explicit confirmation from you that you have received fixed version and willing to update it. So just check your email received from us in March. But if you cannot find it, just submit a ticket in our help desk system. Note, it is important to update not just .cab file, but iuembed.js as well. It is really critical, because new safe version has different CLSID now. So it will not work correctly with old CLSID. See Also Microsoft Security Advisory (953839) Image Uploader is safe again! - blog post explaining what killbit is. Image Uploader is reborn - better security and new CLSIDs - blog post describing how to migrate to safe version. Official security bulletin - blog post which contains a full lists of CLSIDs in killbit. PRB: Some clients are unable to load or install Image Uploader ActiveX - forum post about the same issue (when killbit is installed with new version of Image Uploader). Edited by user Thursday, August 14, 2008 5:26:48 PM(UTC) \| Reason: Not specified

Users browsing this topic
Guest

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.