Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0

Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0.
This problem is fixed in the latest cumulative update rollup for Microsoft Dynamics CRM 4.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
949256 Microsoft Dynamics CRM 4.0 updates and hotfixes

To add the "BlockedAttachmentsForDownload" setting to the "Deployment" properties in the Configuration database (MSCRM_CONFIG), extract the tool from the UR6 Server package using the command prompt:

<ur6PackageName>.exe /x

or Example: CRMv4.0-KB970148-amd64-Server-ENU.exe /x or CRMv4.0-KB970148-i386-Server-ENU.exe /x

In the "Tools" folder, copy the Microsoft.Crm.DeploymentConfigTool.exe file from the extracted files into the "Tools" directory on the CRM Server under:

C:\Program Files\Microsoft Dynamics CRM\Tools

Open a command prompt and change directories to the Tools directory using the command:

cd C:\Program Files\Microsoft DynamicsvCRM\Tools

Then, run the following command at the command prompt: 
Microsoft.Crm.DeploymentConfigTool.exe MiscSettings Update -BlockedAttachmentsForDownload:XML;JS;VBS;JSON;RSS;INI;HTA;HTC;URI;URL;cookie;ASP;ASPX;CSS;DIB;EOT;XHTML;HTM;HTML;MHT;MHTML;CUR;EMF;JFIF;WMF;OSID 
You can modify this table to add or remove extensions that should be blocked by using the "DeploymentConfigTool" in the "Tools" folder of the Microsoft Dynamics CRM directory (C:\Program Files\Microsoft DynamicsvCRM\Tools).  

If you modify the "BlockedAttachmentsForDownload" on the server, you also have to create a "BlockedAttachmentsForDownload" registry key on each "Microsoft Dynamics CRM for Microsoft Office Outlook" computer. Complete the following steps to create the registry key on each computer that is using Microsoft Dynamics CRM for Microsoft Office Outlook:  
  1. Click Start, click Run, type 'regedit', and then click OK.
  2. Locate the following registry subkey:
  3. Right-click MSCRMClient, point to New, and then click "String Value".
  4. Type BlockedAttachmentsForDownload.
  5. Right-click BlockedAttachmentsForDownload, click Modify and then enter the same string of values that you have for "BlockedAttachmentsForDownload" in the Deployment Properties table (like above).

Article ID: 974597 - Last Review: 10/31/2011 06:36:00 - Revision: 5.0

Microsoft Dynamics CRM for Microsoft Office Outlook

  • kbsurveynew kbmbsmigrate kbqfe KB974597