Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0.
This problem is fixed in the latest cumulative update rollup for Microsoft Dynamics CRM 4.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
949256 Microsoft Dynamics CRM 4.0 updates and hotfixes
To add the "BlockedAttachmentsForDownload" setting to the "Deployment" properties in the Configuration database (MSCRM_CONFIG), extract the tool from the UR6 Server package using the command prompt:
or Example: CRMv4.0-KB970148-amd64-Server-ENU.exe /x or CRMv4.0-KB970148-i386-Server-ENU.exe /x
In the "Tools" folder, copy the Microsoft.Crm.DeploymentConfigTool.exe file from the extracted files into the "Tools" directory on the CRM Server under:
C:\Program Files\Microsoft Dynamics CRM\Tools
Open a command prompt and change directories to the Tools directory using the command:
cd C:\Program Files\Microsoft DynamicsvCRM\Tools
Then, run the following command at the command prompt:
You can modify this table to add or remove extensions that should be blocked by using the "DeploymentConfigTool" in the "Tools" folder of the Microsoft Dynamics CRM directory (C:\Program Files\Microsoft DynamicsvCRM\Tools).
If you modify the "BlockedAttachmentsForDownload" on the server, you also have to create a "BlockedAttachmentsForDownload" registry key on each "Microsoft Dynamics CRM for Microsoft Office Outlook" computer. Complete the following steps to create the registry key on each computer that is using Microsoft Dynamics CRM for Microsoft Office Outlook:
Click Start, click Run, type 'regedit', and then click OK.
Locate the following registry subkey:
Right-click MSCRMClient, point to New, and then click "String Value".
Right-click BlockedAttachmentsForDownload, click Modify and then enter the same string of values that you have for "BlockedAttachmentsForDownload" in the Deployment Properties table (like above).