Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0

Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0.

This problem is fixed in the latest cumulative update rollup for Microsoft Dynamics CRM 4.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

To add the BlockedAttachmentsForDownload setting to the Deployment properties in the Configuration database (MSCRM_CONFIG), extract the tool from the UR6 Server package <ur6PackageName>.exe /x. In the Tools folder, copy the Microsoft.Crm.DeploymentConfigTool.exe file from the extracted files into the Tools directory on the CRM Server under Program Files, Microsoft crm, Tools. Open a command prompt and change directories to the Tools directory. Then, run the following command at the command prompt You can modify this table to add or remove extensions that should be blocked by using the DeploymentConfigTool in the Tools folder of the Microsoft Dynamics CRM directory. For example, C:\Program Files\Microsoft Dynamics CRM\Tools.

If you modify the BlockedAttachmentsForDownload on the server, you also have to create a BlockedAttachmentsForDownload registry key on each Microsoft Dynamics CRM for Microsoft Office Outlook computer. Complete the following steps to create the registry key on each computer that is using Microsoft Dynamics CRM for Microsoft Office Outlook:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate the following registry subkey: HKCU\SOFTWARE\Microsoft\MSCRMClient
3. Right-click MSCRMClient, point to New, and then click String Value.
4. Type BlockedAttachmentsForDownload.
5. Right-click BlockedAttachmentsForDownload, click Modify and then enter the same string of values that you have for BlockedAttachmentsForDownload in the Deployment Properties table.