Article ID: 974597 - View products that this article applies to.
Htm/html attachments that contain malicious scripts can be opened in Microsoft Dynamics CRM 4.0.
This problem is fixed in the latest cumulative update rollup for Microsoft Dynamics CRM 4.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/949256/ )Microsoft Dynamics CRM 4.0 updates and hotfixes
To add the "BlockedAttachmentsForDownload" setting to the "Deployment" properties in the Configuration database (MSCRM_CONFIG), extract the tool from the UR6 Server package using the command prompt:
or Example: CRMv4.0-KB970148-amd64-Server-ENU.exe /x or CRMv4.0-KB970148-i386-Server-ENU.exe /x
In the "Tools" folder, copy the Microsoft.Crm.DeploymentConfigTool.exe file from the extracted files into the "Tools" directory on the CRM Server under:
C:\Program Files\Microsoft Dynamics CRM\Tools
Open a command prompt and change directories to the Tools directory using the command:
cd C:\Program Files\Microsoft DynamicsvCRM\Tools
Then, run the following command at the command prompt:
Microsoft.Crm.DeploymentConfigTool.exe MiscSettings Update -BlockedAttachmentsForDownload:XML;JS;VBS;JSON;RSS;INI;HTA;HTC;URI;URL;cookie;ASP;ASPX;CSS;DIB;EOT;XHTML;HTM;HTML;MHT;MHTML;CUR;EMF;JFIF;WMF;OSIDYou can modify this table to add or remove extensions that should be blocked by using the "DeploymentConfigTool" in the "Tools" folder of the Microsoft Dynamics CRM directory (C:\Program Files\Microsoft DynamicsvCRM\Tools).
If you modify the "BlockedAttachmentsForDownload" on the server, you also have to create a "BlockedAttachmentsForDownload" registry key on each "Microsoft Dynamics CRM for Microsoft Office Outlook" computer. Complete the following steps to create the registry key on each computer that is using Microsoft Dynamics CRM for Microsoft Office Outlook:
Article ID: 974597 - Last Review: October 31, 2011 - Revision: 5.0