Notified: March 09, 2009 Updated: August 12, 2016
The LDRA TBbrowse component uses the Microsoft Internet Explorer HTML framework to implement an HTML report viewer. The IntraLaunch.ocx control allows these reports to include active links to other reports. The use of IntraLaunch is optional, and the user is asked to confirm their wish to include it as part of the installation. As of LDRA 9.45 the ActiveX control can be disabled without loss of report functionality. As of LDRA 9.57, the IntraLaunch ActiveX control is no longer provided.
Disabling IntraLaunch via the “kill-bit” is not a viable option if a user wishes to make use of the intra-report links displayed within TBbrowse. However, given the vulnerability noted in VU#908801 it is still advisable to take appropriate security measures: Disable the use of ActiveX controls in the Internet Zone or ensure that any affected machine does not have access to the internet (e.g. via firewall settings). Ensure that any affected machine does not have access to any other untrusted network that may be used as an attack vector.