IntResource and EMET #2

Add-in Express™ Support Service
That's what is more important than anything else

IntResource and EMET #2
EMET terminates Outlook because of ADX IntResource 
Michael Fuchs


Guest


This is a continuation to https://www.add-in-express.com/forum/read.php?FID=5&TID=13737.

We have been in contact with our client and tried to get them to deactivate SimExecFlow for Outlook.exe in EMET. Unfortunately they declined the request with the argument that from experience, an attack targeting that vulnerability is expected to occur anywhere between 100 and 1000 days.

Our client is part of the swiss government and security is understandably a focal point for the IT department. Since they cannot use our product as long as this weakness is not resolved, we only see two possibilites:

a. You can find a way to fix the issue within your framework
b. We have to discontinue writing addins using your product and migrate this project

Handing over our project to your custom development department does not seem like an option.

Please let me know if will undertake to fix the IntResource issue.
Posted 21 Apr, 2016 03:48:27 Top
Andrei Smolin


Add-in Express team


Posts: 18791
Joined: 2006-05-11
Hello Michael,

We think there's a chance to help you. But we would need to know what regions (layouts) in what versions of Office applications you are using.


Andrei Smolin
Add-in Express Team Leader
Posted 21 Apr, 2016 06:26:14 Top
Michael Fuchs


Guest


Hello Andrei

That is good news. We currently support Outlook 2010, 2013 and 2016 with this project, and we use a top docked and a right docked region in our addin.

http://postimg.org/image/71whv6ci7/
Posted 21 Apr, 2016 06:35:32 Top
Andrei Smolin


Add-in Express team


Posts: 18791
Joined: 2006-05-11
Michael,

I've sent you an email. Please check your Inbox.


Andrei Smolin
Add-in Express Team Leader
Posted 21 Apr, 2016 08:45:20 Top
Michael Fuchs


Guest


We were able to resolve this issue with the assistance of ADX. Basically the following steps were required:


1. Add a modified version of IntResource.dll/IntResource64.dll to the setup project, so they are installed next to AddinExpress.OL.2005.dll.

2. Add a UserControl to the addin project (assumedly an obscured configuration) with the following exact code:

    [ComVisible(true), ProgId("ADXXServicePane.ProgID"), Guid("9E834F6F-BF48-46C5-820C-833B05104A8C")]
    public partial class UserControl1 : UserControl
    {
        public UserControl1()
        {
            InitializeComponent();
        }
    }



3. Remove AddinExpress.OL.2005.dll from the GAC (so the IntResource libraries are no longer extracted from this assembly to the %Temp% folder).
Posted 17 May, 2016 10:14:37 Top
Andrei Smolin


Add-in Express team


Posts: 18791
Joined: 2006-05-11
Hello Michael,

Thank you for posting this.


Andrei Smolin
Add-in Express Team Leader
Posted 18 May, 2016 00:36:50 Top