Results 1 to 6 of 6

Thread: ActiveX and CLSID {00000000-0000-0000-0000-000000000000}

  1. #1
    Junior Member
    Join Date
    Oct 2007
    Posts
    2

    Question ActiveX and CLSID {00000000-0000-0000-0000-000000000000}

    During the IMMUNIZE function of Spybot, a registry entry is added:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000} (DWORD binary: 400 ; hex: 1024)

    Can you shed some light on the logic behind this setting? How is setting this registry setting protecting my machine from Spyware, and what risks specifically are mitigated with this setting?

    We've found this setting to be incompatable with several Office 2007 proggies, and Microsoft recommends removing this key that was added by Spybot S&D. I need some info so we can make a decision. Thanks in advance!

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    someguy:

    GUID/CLSID ={00000000-0000-0000-0000-000000000000} is null GUID/CLSID (Globally Unique Identifier/Class Identifier). Both Spybot and SpywareBlaster set the following registry entry to prevent the use of a null GUID/CLSID in ActiveX processes:

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}]
    Compatibility Flags=dword:00000400
    It appears the Sharepoint 2007 and possibly other Microsoft programs are now using a null GUID/CLSID.

    The pertinent question is why Microsoft has chosen to use a null GUID (Globally Unique Identifier) in their latest software rather than a GUID that should be unique (by definition) to their application.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Oct 2007
    Posts
    2

    Default

    Thanks for the response.

    Could you please expand on "...to prevent the use of a null GUID/CLSID in ActiveX processes" a little bit? Can you provide examples of specific threats that utilize all zero CLSIDs?

    Microsofts Defender doesn't add that reg entry, so is their product vulnerable to threats that Spybot can prevent?

    Again, thanks for your help...

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Quote Originally Posted by someguy View Post
    Could you please expand on "...to prevent the use of a null GUID/CLSID in ActiveX processes" a little bit?
    Microsoft Knowledge Base Article - 240797


    Quote Originally Posted by someguy View Post
    Can you provide examples of specific threats that utilize all zero CLSIDs?
    Although I did not find any ActiveX using that GUID, here are some threats that do that use that GUID:



    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Oct 2007
    Posts
    3

    Question

    found this thread through google this morning and was amazed that someone else was looking at the same key we were.

    what's the danger of having a null clsid on an activex control?

    does anyone know if security changes for IE 7 fixes whatever that key is meant to protect us against?


  6. #6
    Junior Member
    Join Date
    Jul 2010
    Posts
    1

    Default ActiveX and CLSID {00000000-0000-0000-0000-000000000000}

    One side-effect of having the killbit set for the Null GUID is that Office applications may disable .Net add-ins like SharePoint workflows. It appears that all addins pass through the same safety check but since the .Net add-ins have no ActiveX Control/ClassId they get mapped against the Null GUID.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •