SYSTEM AND METHOD FOR DAY-ZERO AUTHENTICATION OF ACTIVEX CONTROLS
First Claim
1. A method comprising:
- verifying a digital signature of an ActiveX control;
identifying at least one executable file of the ActiveX control;
authorizing the at least one executable file as an updater if the digital signature is from an authorized issuer; and
installing the ActiveX control.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method in one embodiment includes modules for verifying a digital signature of a Microsoft® ActiveX® control, identifying an executable file of the ActiveX control, authorizing the executable file as an updater configured to enable trust propagation, if the digital signature is from an authorized issuer, and installing the ActiveX control. More specific embodiments include hooking an exported function in the executable file and marking a thread calling the exported function as an updater. Hooking the exported function includes patching the executable function so that when the exported function is called during execution of the executable file, a second function is executed before the exported function is executed. Other embodiments include extracting a cabinet file wrapping the ActiveX control, parsing an information file in the cabinet file, and downloading additional components for installing the ActiveX control.
72 Citations
20 Claims
-
1. A method comprising:
-
verifying a digital signature of an ActiveX control; identifying at least one executable file of the ActiveX control; authorizing the at least one executable file as an updater if the digital signature is from an authorized issuer; and installing the ActiveX control. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
-
verifying a digital signature of an ActiveX control; identifying at least one executable file of the ActiveX control; authorizing the at least one executable file as an updater if the digital signature is from an authorized issuer; and installing the ActiveX control. - View Dependent Claims (14, 15, 16)
-
-
17. An apparatus, comprising:
-
a memory element; and a processor operable to execute instructions associated with electronic code such that the apparatus is configured for; verifying a digital signature of an ActiveX control; identifying at least one executable file of the ActiveX control; authorizing the at least one executable file as an updater if the digital signature is from an authorized issuer; and installing the ActiveX control. - View Dependent Claims (18, 19, 20)
-
Specification