Forgive me if this is the wrong place - I picked here because the issue is with a Javascript blocking MS update.
So a few months ago, some local users on one of side networks (not the network we developers are on) claimed they could not use a web app we developed. They had been able to use it just a few weeks prior.
The app uses a combination of Javascript and ActiveX to allow the user to select (through the app) documents on their local drive to "import". The import process displays the file using Spicer Imagenation ActiveX control. And finally the users can "Save" the document which will convert the file to PDF for storage on our servers.
The error they were running into was when they were selecting the file for import. The common windows browse control is being used - they can highlight the file, but when they click "OK", they receive the following message:
Imagenation Error:
The 'Import Sample.txt' file cannot be opened.
This happens with any file they attempt.
Later we find out that if the source file is on the user's "Desktop", the file imports just fine. It only seems to have an error when the file is elsewhere on the computer (I believe the "Desktop" is the default location when browsing).
Jump forward a few days!
One user on their network is able to import files just fine. I compare his security settings, IE settings, and windows updates to the faulty workstations. The only difference is that he does not have Windows Hotfix #971961.
I go through the painful process of getting permission to temporarily remove this hotfix from one of the computers that is not working. After uninstalling it and rebooting the user can import just fine.
Microsoft's documentation isn't giving me any real information on how to code around this (I'm assuming that's to keep hackers from coding around this).
I'm working on having one of the broken machines point at a developer's machine while they debug (maybe displaying the path before running the code). But being on separate networks it's taking a bit of time.
Any help would be appreciated. I'm assuming it's only a matter of time before our clients are pushed this windows update.
Update in question:
Microsoft Security Bulletin MS09-045 - Critical
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
-ZE
So a few months ago, some local users on one of side networks (not the network we developers are on) claimed they could not use a web app we developed. They had been able to use it just a few weeks prior.
The app uses a combination of Javascript and ActiveX to allow the user to select (through the app) documents on their local drive to "import". The import process displays the file using Spicer Imagenation ActiveX control. And finally the users can "Save" the document which will convert the file to PDF for storage on our servers.
The error they were running into was when they were selecting the file for import. The common windows browse control is being used - they can highlight the file, but when they click "OK", they receive the following message:
Imagenation Error:
The 'Import Sample.txt' file cannot be opened.
This happens with any file they attempt.
Later we find out that if the source file is on the user's "Desktop", the file imports just fine. It only seems to have an error when the file is elsewhere on the computer (I believe the "Desktop" is the default location when browsing).
Jump forward a few days!
One user on their network is able to import files just fine. I compare his security settings, IE settings, and windows updates to the faulty workstations. The only difference is that he does not have Windows Hotfix #971961.
I go through the painful process of getting permission to temporarily remove this hotfix from one of the computers that is not working. After uninstalling it and rebooting the user can import just fine.
Microsoft's documentation isn't giving me any real information on how to code around this (I'm assuming that's to keep hackers from coding around this).
I'm working on having one of the broken machines point at a developer's machine while they debug (maybe displaying the path before running the code). But being on separate networks it's taking a bit of time.
Any help would be appreciated. I'm assuming it's only a matter of time before our clients are pushed this windows update.
Update in question:
Microsoft Security Bulletin MS09-045 - Critical
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
-ZE
