#1 Posted : Thursday, August 14, 2008 3:37:55 PM(UTC)

Problem overview

A number of our customers have encountered a problem with the ActiveX version of Image Uploader after installing Microsoft security update KB953839. This is what we warned about in multiple emails and blog posts.

As you probably already know, at the beginning of this year security specialists discovered several security flaws in Image Uploader. As a result, we released a fixed version. But since there is a large number of client computers where an old insecure version is installed, we decided to "killbit" the old versions. I have described what a killbit is, why it is necessary and how it works in one of my blog posts. In short, it means that as soon as the killbit is set on a client computer, the insecure version of Image Uploader can no longer be used, and you need to update it.

First of all, the killbit is installed when a new safe version of Image Uploader is loaded. So end users who visit several websites with Image Uploader have already faced this issue. But it became really widespread after Microsoft included this killbit in their security updates.

Versions affected

You may wonder exactly which versions are killbitted and when it is necessary to update. The vulnerable (and therefore killbitted) versions are:
  1. All builds of the 4.x family earlier than 4.7. There is an exception for private-label builds: we started providing private-label customers with safe builds starting from version number 4.6.49. If you are in doubt, please contact us.
  2. All builds of the 5.0.x family.

Safe versions are:
  1. Version 4.7.16 and later
  2. Version 5.1.10 and later

How to update

If you are using a vulnerable version of the 4.x family, you can download 4.7.16 from the legacy download page. License keys for 4.x versions will work with it, so this is a free update.

If you have version 5.0, just download the latest 5.x from the download page.

If you have a private-label version and it has stopped working for some reason, first of all try to find your safe version. We did not include private-label versions in the killbit until we got explicit confirmation from you that you had received the fixed version and were willing to update. So just check the email you received from us in March. If you cannot find it, submit a ticket in our help desk system.

Note that it is important to update not just the .cab file but iuembed.js as well. This is really critical, because the new safe version has a different CLSID, so it will not work correctly with the old CLSID.

Edited by user Thursday, August 14, 2008 5:26:48 PM(UTC)  | Reason: Not specified
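
An added example, not part of the original post or Aurigma's code: a small classifier for auditing an inventory of deployed Image Uploader versions against the ranges listed in the post. The function names, status labels and sample inventory are hypothetical; builds the post does not mention (such as 4.7.0 to 4.7.15 or 5.1.0 to 5.1.9) are reported as unlisted rather than guessed.

```javascript
// Added example; function names and status labels are hypothetical.

// Parse "major.minor[.build[.rev]]" into [major, minor, build]; null if malformed.
function parseVersion(text) {
  const m = /^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?\s*$/.exec(String(text));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] ?? 0)] : null;
}

// Three-way compare of [major, minor, build] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "vulnerable", "safe", "unlisted" or "invalid".
function classify(text, { privateLabel = false } = {}) {
  const v = parseVersion(text);
  if (!v) return "invalid";
  const [major, minor] = v;
  if (major === 4) {
    if (compare(v, [4, 7, 16]) >= 0) return "safe";
    if (minor >= 7) return "unlisted"; // 4.7.0 to 4.7.15: not covered by the post
    // Private-label exception: safe builds start at 4.6.49.
    if (privateLabel && compare(v, [4, 6, 49]) >= 0) return "safe";
    return "vulnerable";
  }
  if (major === 5) {
    if (minor === 0) return "vulnerable"; // all 5.0.x builds
    return compare(v, [5, 1, 10]) >= 0 ? "safe" : "unlisted";
  }
  return "unlisted";
}

// Constructed sample inventory: site name -> deployed version.
const inventory = [
  { site: "gallery.example", version: "4.5.70" },
  { site: "shop.example", version: "4.6.49", privateLabel: true },
  { site: "photos.example", version: "5.0.30" },
  { site: "intranet.example", version: "5.1.10" },
];

// List every deployment that is not confirmed safe.
function needsAttention(items) {
  return items
    .map((it) => ({ ...it, status: classify(it.version, it) }))
    .filter((it) => it.status !== "safe");
}

console.log(needsAttention(inventory));
```

A deployment reported as unlisted or invalid needs a manual check against the vendor's information rather than being assumed safe.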
