Dec 162008
 

Last updated on November 20th, 2015

In a follow-up to my earlier post, this problem is now going mainstream news.  See;

Conger Eel in a Hole

Conger Eel in a Hole

Apparently, 10,000 websites have now been hacked and are ready and waiting (like conger eels in a hole or praying mantises on a twig), to nick all the personal details from passing suckers.  This website, shadowserver, is maintaining some sort of a list.  A lot of it is Baidu, the main Chinese search engine and a prime aggregator of links to deeply hidden copyrighted material.

It does make me wonder if Baidu put the code on their own sites to trap the copyright-thieving suckers.  There’s some sort of irony in that thought.

For the sake of completeness, I’ll repeat Microsoft’s workaround below, that the ordinary computer user is supposed to do to effect some sort of a remedy.  If you insist on using IE7, then you’d better do this.  An easier solution is to use Firefox or Opera and then ask Microsoft to pay you for fixing their software.  After all, when you call Joe the plumber, you expect him to actually do the work – not the other way round.

What Do I Do?

I don’t use IE7 or any flavour.  In fact, even though the majority of web users use IE I don’t design my sites for it.  If it works in IE, that’s good.  But otherwise, I’m not bothered.  I don’t want visitors who don’t care about their personal safety.  It’s Microsoft software.  It’s their job to make their software secure and standards compliant.  If they can’t be bothered then why should I?  If more people took this attitude, I’m sure M$ would do something about it.

This is Microsoft’s Primary Workaround (not a fix, mind you!) to the Problem, from here.  There are others as well, but life’s too short…

Disable XML Island functionality

Use the following registry file to delete the XML Island key:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

Note For Windows Vista and Windows Server 2008 only, take ownership of [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}] first, as follows:

1. Run Regedit as Admin

2. Go to [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

3. Click Permission, then Advanced, then Owner

4. Change Owner to Administrator

5. Click Grant Full Control to Administrator

6. Then iterate for all subkeys

For other operating systems, no extra action is needed.

Impact of workaround: Embedded XML in HTML may not render correctly.

How to undo the workaround

Use the following registry file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

@=”MsxmlIsland”

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

“ThreadingModel”=”Apartment”

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]

@=”{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}”

  One Response to “Oledb32.dll and IE7 – it’s getting Massively Worse!”

  1. I’ve just re-read the above.

    If all that code malarkey is just bunkum, then use Firefox! Ditch Internet Explorer. Sincerely, if the only fix is stuff you don’t understand, then use something different! If it was a Ferrari, and the only way to actually use the Ferrari was to do a complete oil change and reset the ignition timing every time youi wanted to drive it – how many people would bother?

    And yet that’s the situation with Microsoft and their browser..

    I actually use IE8 now, and it’s a lot better than it was – but most people who insist on using IE haven’t upgraded yet. Ho Hum!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

© 1977, Strangely Perfect.