Anti-virus security information in an extensible markup language document

US 7,509,573 B1
Filed: 02/17/2004
Issued: 03/24/2009
Est. Priority Date: 02/17/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method, implemented at least in part by a computing apparatus, of detecting executable code embedded in an Extensible Markup Language (XML) document, comprising:

applying Extensible Markup Language (XML) markup to a computer-generated document;

locating executable code embedded in the document; and

applying an attribute to a root level element of the XML markup for notifying a subsequent application of the presence of the embedded executable code;

wherein the attribute comprises a flag that detects the presence of the embedded executable code in the XML document, wherein the embedded executable code comprises at least one of an undesirable object and a property, and wherein the flag enables the subsequent application to reject the embedded executable code within the XML document when the XML markup is being parsed by the subsequent application in searching for the presence of the attribute indicating the presence of the embedded executable code in the document.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for allowing software applications capable of reading and saving Extensible Markup Language (XML) representations of documents to quickly and efficiently detect the presence of executable code contained in a given document being read or saved by the software applications. Examples of executable code include, but are not limited to macros, VBA macros, OLE code, OCX or ActiveX controls, embedded executable objects, and the like.

Citations

18 Claims

1. A method, implemented at least in part by a computing apparatus, of detecting executable code embedded in an Extensible Markup Language (XML) document, comprising:
- applying Extensible Markup Language (XML) markup to a computer-generated document;
  
  locating executable code embedded in the document; and
  
  applying an attribute to a root level element of the XML markup for notifying a subsequent application of the presence of the embedded executable code;
  
  wherein the attribute comprises a flag that detects the presence of the embedded executable code in the XML document, wherein the embedded executable code comprises at least one of an undesirable object and a property, and wherein the flag enables the subsequent application to reject the embedded executable code within the XML document when the XML markup is being parsed by the subsequent application in searching for the presence of the attribute indicating the presence of the embedded executable code in the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - passing the document to the subsequent application.
  - 3. The method of claim 2, whereby if the attribute is located by the subsequent application, rejecting the document as corrupted by the embedded executable code.
  - 4. The method of claim 2, whereby if the attribute is located, determining whether the embedded executable code associated with the attribute requires rejection of the document, and if not, continuing to parse the XML markup of the document by the subsequent application.
  - 5. The method of claim 2, wherebyif the attribute is not present, then rejecting the executable code.
  - 6. The method of claim 2, whereby the attribute is a macros present attribute for indicating the presence of VBA code in the document.
  - 7. The method of claim 6, whereby the macros present attribute has a value of “
    - yes”
      
      where an XML markup element is in the document containing the VBA code.
  - 8. The method of claim 7, whereby the macros present attribute has a value of “
    - no”
      
      indicating that no XML element is in the file containing the VBA code.
  - 9. The method of claim 2, whereby the attribute is an embedded object present attribute indicating the presence of one or more OLE objects in the document.
  - 10. The method of claim 9, whereby the embedded object present attribute has a value of “
    - yes”
      
      indicating the presence of at least one XML element in the document containing data associated with an OLE object.
  - 11. The method of claim 10, whereby the embedded object present attribute has a value of “
    - no”
      
      indicating that there are no XML elements in the file containing data associated with an OLE object.
  - 12. The method of claim 2, whereby the attribute is an OCX present attribute indicating the presence of OCX objects in the document.
  - 13. The method of claim 12, whereby the OCX present object has a value of “
    - yes”
      
      indicating that the presence of at least one XML element in the document containing data associated with an OCX object.
  - 14. The method of claim 13, whereby the OCX present object has a value of “
    - no”
      
      indicating that there are no XML elements in the document containing data associated with an OCX object.

15. A system for detecting executable code embedded in an Extensible Markup Language (XML) document, comprising:
- a memory storage; and
  
  a processing unit coupled to the memory storage, wherein the processing unit is operative to;
  
  apply Extensible Markup Language (XML) markup to a computer-generated document;
  
  locate an executable code embedded in the document;
  
  apply an attribute to a root level element of the XML markup for notifying a subsequent application of the presence of the embedded executable code;
  
  pass the document to the subsequent application;
  
  parse the XML markup by the subsequent application to locate the attribute applied to the root level element of the XML markup applied to the document; and
  
  if the attribute is located by the subsequent application, reject the document as corrupted by the embedded executable code;
  
  wherein the attribute comprises a flag that detects the presence of the embedded executable code in the document, wherein the embedded executable code comprises at least one of an undesirable object and a property, and wherein the flag enables the subsequent application to reject the document as corrupted by the embedded executable code when the XML markup is being parsed.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, whereby if the embedded executable code associated with the attribute does not require rejection of the document, continuing to parse the XML markup of the document by the subsequent application.
  - 17. The system of claim 15, whereby parsing the XML markup by the subsequent application includes:
    - determining by the subsequent application whether the attribute is present for notifying the subsequent application of the presence of the executable code; and
      
      if the attribute is not present, then rejecting the executable code.

18. A computer-readable medium on which is stored instructions which when executed by a computer perform a method of detecting executable code embedded in an Extensible Markup Language (XML) document, comprising:
- applying Extensible Markup Language (XML) markup to a computer-generated document;
  
  locating an executable code embedded in the document;
  
  applying an attribute to a root level element of the XML markup for notifying a subsequent application of the presence of the embedded executable code;
  
  passing the document to the subsequent application;
  
  parsing the XML markup by the subsequent application to locate the attribute applied to the root level element of the XML markup applied to the document; and
  
  if the attribute is located by the subsequent application, rejecting the document as corrupted by the embedded executable code, wherein the attribute comprises a flag that detects the presence of the embedded executable code in the XML document, wherein the embedded executable code comprises a virus, and wherein the flag enables the subsequent application to reject the embedded executable code within the XML document when the XML markup is being parsed by the subsequent application in searching for the presence of the attribute indicating the presence of the embedded executable code in the document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Snyder, Daniel, Treacy, Ambrose, Jones, Brian, Sawicki, Marcin, Little, Robert
Primary Examiner(s)
Hutton; Doug
Assistant Examiner(s)
Hillery; Nathan

Application Number

US10/780,237
Time in Patent Office

1,862 Days
Field of Search

715/513, 715/524, 715/538, 715/540, 715/539
US Class Current

715/234
CPC Class Codes

G06F 21/563 by source code analysis

Anti-virus security information in an extensible markup language document

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-virus security information in an extensible markup language document

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links