Microsoft issued an advisory late Monday confirming a remote code execution vulnerability affecting its SQL Server line.
The vulnerability affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Microsoft said systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.
From Microsoft's advisory:
Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time.
In addition, due to the mitigating factors for default installations of MSDE 2000 and SQL Server 2005 Express, Microsoft is not currently aware of any third-party applications that use MSDE 2000 or SQL Server 2005 Express which would be vulnerable to remote attack. However, Microsoft is actively monitoring this situation to provide customer guidance as necessary.
Microsoft said it was unaware of any active attacks utilizing the exploit code.
The advisory comes less than a week after Microsoft released a critical security patch to plug vulnerabilities in Internet Explorer that malicious attackers were taking advantage of.
Monday, December 22, 2008
Thursday, December 4, 2008
Use a Java object from PB (using the Microsoft JVM)
Use the Microsoft javareg utility to register a java class as a COM server. Once registered, the Java class will be visible from all languages that can deal with COM objects. I am giving here some examples in VbScript, JScript, ASP and Powerbuilder.
NOTE: The class can be compiled with any JDK, but the actual execution will use the Microsoft JVM installed on the system.
The javareg utility is part of the Microsoft Java SDK which can be freely downloaded from the Microsoft Web site.
First a simple Java class.
[JavaSays.java]
package JavaCom;

public class JavaSays {
    public String Hello() {
        return "Hello world";
    }

    public String Say(String what) {
        return what;
    }
}
Then this BAT file is executed to register our class.
javareg /register /class:JavaCom.JavaSays /progid:JavaCom.JavaSays
md c:\Windows\Java\TrustLib\JavaCom
copy JavaSays.class c:\windows\java\trustlib\javacom
That's it. The system now has a COM object called JavaCom.JavaSays installed.
Create an XML file
set xdoc = CreateObject("MSXML2.DOMDocument")
set html = xdoc.appendChild(xdoc.CreateElement("HOWTOS"))
set list = html.appendChild(xdoc.createElement("TOPIC"))
set item = list.appendChild(xdoc.createElement("TITLE"))
set text = xdoc.createTextNode("Java")
item.appendChild text
set item = list.appendChild(xdoc.createElement("URL"))
set text = _
xdoc.createTextNode("http://www.rgagnon/javahowto.htm")
item.appendChild text
set list = html.appendChild(xdoc.createElement("TOPIC"))
set item = list.appendChild(xdoc.createElement("TITLE"))
set text = xdoc.createTextNode("Javascript")
item.appendChild text
set item = list.appendChild(xdoc.createElement("URL"))
set text = _
xdoc.createTextNode("http://www.rgagnon/javascripthowto.htm")
item.appendChild text
xdoc.save "test.xml"
Connect to a database
Dim OdbcDSN
Dim connect, sql, resultSet
' ODBC connection string for the demo database (dba/sql is its default login)
OdbcDSN = "DSN=Sybase Demo DB V6 DWB;UID=dba;PWD=sql"
Set connect = CreateObject("ADODB.Connection")
connect.Open OdbcDSN
sql="SELECT emp_fname, emp_lname FROM employee"
Set resultSet = connect.Execute(sql)
On Error Resume Next
resultSet.MoveFirst
' print one "last name , first name" line per row
Do While Not resultSet.eof
  WScript.Echo resultSet("emp_lname") & " , " & _
    resultSet("emp_fname")
  resultSet.MoveNext
Loop
resultSet.Close
connect.Close
Set connect = Nothing
WScript.Quit(0)
Extract data from HTML page
theURL = "www.rgagnon.com/masters/wsh-vbs.html"
with CreateObject("InternetExplorer.Application")
  .Navigate("http://" & theURL)
  ' wait until the page is fully loaded (READYSTATE_COMPLETE = 4)
  Do until .ReadyState = 4
    WScript.Sleep 50
  Loop
  With .document
    set theTables = .all.tags("table")
    nTables = theTables.length
    ' collect the text of the first cell of each table
    for each table in theTables
      s = s & table.rows(0).cells(0).innerText _
        & vbNewLine & vbNewLine
    next
    wsh.echo "Number of tables:", nTables, vbNewline
    wsh.echo "First table first cell:", s
    ' get the data with an ID
    ' msgbox .getElementById("d1").innerHtml
  End With
  ' close the hidden Internet Explorer instance so it does not stay running
  .Quit
End With
Output is:
>cscript ieextract.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.
Number of tables: 1
First table first cell: VBScript
Detect Caps Lock state
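[local function declaration]
FUNCTION int GetKeyState(int keystatus) LIBRARY "user32.dll"
[powerscript]
int li_keystate
// 20 = VK_CAPITAL (the Caps Lock key)
li_keystate = GetKeyState(20)
// the low-order bit is the toggle state; the high-order bit is also set
// while the key is held down, so test the low bit instead of comparing with 1
IF Mod(li_keystate, 2) <> 0 THEN
   MessageBox("", "CAPS on")
ELSE
   MessageBox("", "CAPS off")
END IF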
Convert Win API calls to PB10
The function declaration needs to be modified to specify ANSI:
FUNCTION long ShellExecuteA (ulong hWnd, &
string Operation, string lpFile, string lpParameters, &
string lpDirectory, long nShowCmd) LIBRARY "shell32.dll" &
ALIAS FOR "ShellExecuteA;Ansi"
From the PowerBuilder 10 Help: If your application makes calls to external functions, and there is a Unicode version of the external function, convert the calls to the Unicode versions of the functions. For example, a call to SQLGetInfo should be changed to SQLGetInfoW.
If the function passes a string, char, or structure as an argument or returns a string, char, or structure, you can use the same syntax in PowerBuilder 10 as in previous releases if the string uses Unicode encoding. For example:
FUNCTION int MyMessageBoxW(int handle, string content, string title, int &
showtype) LIBRARY "user32.dll" ALIAS FOR "MessageBoxW"
As for structures, with PB10 a char is now 16 bits wide:
// before PB10
global type mystruct from structure
   long l1
   char pad1
   char pad2
   long l2
   char pad3
   char pad4
end type

// PB10
global type mystruct from structure
   long l1
   char pad1
   long l2
   char pad2
end type
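The two declarations above, modelled in C to show why each pair of 8-bit pads becomes a single 16-bit pad. This is an added example, not code from the original post. It assumes int32_t for a PowerBuilder long, uint8_t and uint16_t for the old and new char, and byte packing (the page does not state PowerBuilder's packing); pb10_naive is a constructed counter-example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions: int32_t = PowerBuilder long, uint8_t = pre-PB10 char,
   uint16_t = PB10 char. Byte packing is assumed so member shifts show up. */
#pragma pack(push, 1)
struct before_pb10 { int32_t l1; uint8_t  pad1, pad2; int32_t l2; uint8_t  pad3, pad4; };
struct pb10_fixed  { int32_t l1; uint16_t pad1;       int32_t l2; uint16_t pad2; };
/* Constructed counter-example: the old declaration kept unchanged under PB10,
   so each of the four pads silently doubles in width. */
struct pb10_naive  { int32_t l1; uint16_t pad1, pad2; int32_t l2; uint16_t pad3, pad4; };
#pragma pack(pop)

size_t before_l2_offset(void) { return offsetof(struct before_pb10, l2); }
size_t fixed_l2_offset(void)  { return offsetof(struct pb10_fixed, l2); }
size_t naive_l2_offset(void)  { return offsetof(struct pb10_naive, l2); }

/* Lay a record out the way the pre-PB10 declaration (and the external DLL)
   sees it, then read l2 back through the page's PB10 declaration. */
int32_t l2_via_fixed(int32_t value) {
    struct before_pb10 wire = { 1, 0, 0, value, 0, 0 };
    struct pb10_fixed view;
    memcpy(&view, &wire, sizeof view);   /* both layouts are 12 bytes */
    return view.l2;
}

/* Same record read through the unchanged declaration: l2 is looked up two
   bytes too far, and the structure is 4 bytes larger than the real record. */
int32_t l2_via_naive(int32_t value) {
    struct before_pb10 wire = { 1, 0, 0, value, 0, 0 };
    struct pb10_naive view;
    memset(&view, 0, sizeof view);
    memcpy(&view, &wire, sizeof wire);   /* copy only the 12 real bytes */
    return view.l2;
}

int main(void) {
    printf("l2 offset: before=%zu fixed=%zu naive=%zu\n",
           before_l2_offset(), fixed_l2_offset(), naive_l2_offset());
    printf("sizes:     before=%zu fixed=%zu naive=%zu\n",
           sizeof(struct before_pb10), sizeof(struct pb10_fixed),
           sizeof(struct pb10_naive));
    printf("l2 read back: fixed=0x%08x naive=0x%08x\n",
           (unsigned)l2_via_fixed(0x11223344), (unsigned)l2_via_naive(0x11223344));
    return 0;
}
```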