Potential Security Vulnerability in exteNd Director Standard 4.1 with ActiveX control

This document (3169416) is provided subject to the disclaimer at the end of this document.

environment

Novell exteNd Director 4.1
Microsoft Windows 2000 Professional
Microsoft Windows XP Professional
Microsoft Windows 2000
Microsoft Windows 98
Microsoft Windows 95

situation

Windows workstations that have run Novell Portal Services or Novell exteNd Director 4.1 in the past may have installed an activeX control that could potentially allow for malicious code to run on the workstation.

resolution

To resolve this problem, create a text file that contains this text (NOTE: use notepad or another text editor, NOT word pad, or a word processor), here's the text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2B1AA38D-2D12-11D5-AAD0-00C04FA03D78}]
"Compatibility Flags"=dword:00000400

Save the text file and rename it to Novell-Killbit.reg  (make sure that it doesn't have a .txt hidden extension)

Next, double click on the .reg file just created, and when prompted to add to the registry, click Yes

The above entry disables the particular activeX control that was at one time used by Novell exteNd Director Standard Edition 4.1

status

Reported to Engineering
Security Alert

additional notes

internal information

document

Document ID:	3169416
Creation Date:	2007-06-15 11:09:37.0
Modified Date:	2007-06-15 11:09:37.0
Novell Product:	exteNd Director

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.