SideBar crashes when running ActiveX components that require approval

  • Thread starter Thread starter Jon Abbott
  • Start date Start date
J

Jon Abbott

If a Gadget calls an ActiveX object that in IE prompts for authorization (ie
the prompt "To help protect your security, Internet Explorer has restricted
this webpage from running scripts or ActiveX controls that could access your
computer. Click here for options...") SideBar crashes.

Surely it should prompt or close the Gadget, not crash.

Two ways to reproduce this are with Java or Shockwave:

1. With Java

gadget.html:

<html>
<head>
<title>Crash by Java</title>
<style>
body {
width:120;
height:120;
}
</style>
</head>
<body>
<APPLET code="test.class" name="testjava" width=100% height=100%></APPLET>
</body>
</html>


test.class compiled from test.java:

import java.applet.*;

public class test extends Applet {
public void init()
{
}
}



2. With ShockWave

gadget.html

<html>
<head>
<title>Crash by ShockWave</title>
<style>
body {
width:120;
height:120;
}
</style>
</head>
<body>
<EMBED TYPE="application/x-shockwave-flash" src="test.swf" width=100%
height=100%>
</body>
</html>

test.swf can be any ShockWave app.
 
Jon Abbott said:
If a Gadget calls an ActiveX object that in IE prompts for authorization (ie
the prompt "To help protect your security, Internet Explorer has restricted
this webpage from running scripts or ActiveX controls that could access your
computer. Click here for options...") SideBar crashes.

Surely it should prompt or close the Gadget, not crash.

Two ways to reproduce this are with Java or Shockwave:

1. With Java

gadget.html:

<html>
<head>
<title>Crash by Java</title>
<style>
body {
width:120;
height:120;
}
</style>
</head>
<body>
<APPLET code="test.class" name="testjava" width=100% height=100%></APPLET>
</body>
</html>


test.class compiled from test.java:

import java.applet.*;

public class test extends Applet {
public void init()
{
}
}



2. With ShockWave

gadget.html

<html>
<head>
<title>Crash by ShockWave</title>
<style>
body {
width:120;
height:120;
}
</style>
</head>
<body>
<EMBED TYPE="application/x-shockwave-flash" src="test.swf" width=100%
height=100%>
</body>
</html>

test.swf can be any ShockWave app.
Click to expand...

Spoke too soon, it's Shockwave and Java that crash it, Sidebar still crashes
with a "Mark of the Web" added to gadget.html.
 
Why do you think this is an authenticode issue, and not some other bug? (Is
there something that leads you to think that?) I ask, because I have seen a
crash in Flash where the version of Flash running has a stack overrun, which
Vista security measures detect and result in a forced crash. (This is the
DEP and NX support in the OS, if you're familiar with it.)

-Bruce
 
Bruce Williams said:
I don't understand, what's a "Mark of the Web"?

-Bruce
Click to expand...

"Mark of the Web" - forced IE to not block ActiveX components on the page. Add
the following line to top of gadget.html:

<!-- saved from url=(0013)about:internet -->
 
Bruce Williams said:
Why do you think this is an authenticode issue, and not some other bug? (Is
there something that leads you to think that?) I ask, because I have seen a
crash in Flash where the version of Flash running has a stack overrun, which
Vista security measures detect and result in a forced crash. (This is the
DEP and NX support in the OS, if you're familiar with it.)

-Bruce
Click to expand...
My mistake, as I said in the other post, it's not security causing it. Sidebar
has an issue when calling Flash or Java.

Flash, yes agreed DEP is killing Sidebar. Java is a similar issue.
 
Back
Top