Michael Fuchs
Guest
|
This is a continuation to https://www.add-in-express.com/forum/read.php?FID=5&TID=13737.
We have been in contact with our client and tried to get them to deactivate SimExecFlow for Outlook.exe in EMET. Unfortunately they declined the request with the argument that from experience, an attack targeting that vulnerability is expected to occur anywhere between 100 and 1000 days.
Our client is part of the swiss government and security is understandably a focal point for the IT department. Since they cannot use our product as long as this weakness is not resolved, we only see two possibilites:
a. You can find a way to fix the issue within your framework
b. We have to discontinue writing addins using your product and migrate this project
Handing over our project to your custom development department does not seem like an option.
Please let me know if will undertake to fix the IntResource issue. |
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Hello Michael,
We think there's a chance to help you. But we would need to know what regions (layouts) in what versions of Office applications you are using.
Andrei Smolin
Add-in Express Team Leader |
|
Michael Fuchs
Guest
|
Hello Andrei
That is good news. We currently support Outlook 2010, 2013 and 2016 with this project, and we use a top docked and a right docked region in our addin.
http://postimg.org/image/71whv6ci7/ |
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Michael,
I've sent you an email. Please check your Inbox.
Andrei Smolin
Add-in Express Team Leader |
|
Michael Fuchs
Guest
|
We were able to resolve this issue with the assistance of ADX. Basically the following steps were required:
1. Add a modified version of IntResource.dll/IntResource64.dll to the setup project, so they are installed next to AddinExpress.OL.2005.dll.
2. Add a UserControl to the addin project (assumedly an obscured configuration) with the following exact code:
[ComVisible(true), ProgId("ADXXServicePane.ProgID"), Guid("9E834F6F-BF48-46C5-820C-833B05104A8C")]
public partial class UserControl1 : UserControl
{
public UserControl1()
{
InitializeComponent();
}
}
3. Remove AddinExpress.OL.2005.dll from the GAC (so the IntResource libraries are no longer extracted from this assembly to the %Temp% folder). |
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Hello Michael,
Thank you for posting this.
Andrei Smolin
Add-in Express Team Leader |
|