I searched on this group for a message about this SW security vulnerability and didn't find it. You can read about it at
SolidWorks Technical Tip
SolidWorks sldimdownload ActiveX control security vulnerability
Level:Beginner
Solution ID:S-014446
Category:Administration, Installation
Products/Version: SolidWorks 2007
Last revised: April 5, 2007
SolidWorks has recently been made aware of a security vulnerability in an activeX control on the SolidWorks website that is used to help customers download the latest version of SolidWorks.
SolidWorks has modified this control to remove the security vulnerability. However, customers may need to take an action to eliminate the risk entirely.
Who is affected? Customers that have downloaded SolidWorks from the SolidWorks support website using the SolidWorks installation manager during the 2007 release cycle. Customers who have not downloaded SolidWorks or SolidWorks patches during the 2007 release cycle are not affected. Customers who have used the 'manual' method of downloading SolidWorks files are not affected.
What is the vulnerability? To start the installation process, a small control is loaded in the customer's browser to initiate the download. This control had a vulnerability that could, under certain circumstances, be used to gain access to a user's computer. In order to do this, the user would have to be tricked into browsing to a specially crafted website that was designed to take advantage of this vulnerability. SolidWorks is aware of no incidents of this type occurring.
We believe the risk of this occurring is low.
What should a SolidWorks user do? If you believe you are affected, we strongly recommend that Solidworks customers take action to eliminate even the slightest risk of this issue occurring.
To eliminate this risk, we recommend one of the following two options:
- Upgrade the activeX control. To do this, go to c:\windows \downloaded program files (replace c:\windows as necessary for your operating system location). Right click on sldimdownloadiface and select update. This will update your control with the latest version, and eliminate the risk.
OR
- Remove the activeX control. To do this, go to c:\windows\downloaded program files (replace c:\windows as necessary for your operating system location). Right click on sldimdownloadiface and select remove. This will remove the control and eliminate the risk.