Office Viewer Component

When you develop a worksheet with the macro in the activex control,  you can use the thisworkbook.sheets(”") or thisapplication.workbook(”") to replace the workbook.sheets(”") or application.sheets(”").

Question:
We are using Office Viewer with ASP 2.0 to allow document editing via web page.

With the following configuration we experience a crash after one previews a document. (windows error ‘ Microsoft Office Word has encountered a problem and needs to close. We are sorry for the inconvenience’)

To reproduce:
Office Viewer Component (Eval 5.3.407.1)

OS: XP SP1

Web Browser: IE6

Office: Word 2003 - SP1 and SP2.

Open a document in ASP with Office Viewer, Select ‘Print Preview’ then select ‘Close Preview’

Solution:
This is a bug in MS Office 2003. You need update to Office SP 2.

Two Packs:

Office2003SP2-KB887616

office2003-KB934181

Office 2007 needn’t to pack.

Since the digital signature of an ActiveX control stays with the file it was attached to, there is a permanent evidence of the designed intent of the control by the developers. However, this evidence does not account for all possible conditions the control may be used in but were never tested for.

ActiveX controls marked as safe are supposed to be safe in all possible conditions. So a control marked as safe for scripting (SFS) or safe for initialization (SFI) must be written to protect itself from any unpredictable results a script author might unintentionally create when scripting the control. While it is relatively easy for a programmer to create a control with adequate guards to avoid misuse, it is impossible to guarantee that the control is always safe when used with scripting created by another author or programmer.

If a control is marked safe for initializing or safe for scripting, the developers are claiming that no matter what values are used to initialize the control, it will not do anything to damage a user’s system or compromise the user’s security when the control is initialized in any way.

The developer of an ActiveX control should take extra care to ensure that a control is in fact safe before it is marked as safe. For example, each ActiveX control, at a minimum, should be evaluated for the following issues:

• It does not over-index arrays or otherwise manipulate memory incorrectly, thereby causing a memory leak or corrupt memory region.
• It validates and corrects all input, including initialization, method parameters, and property setting functions (implements acceptable I/O validation and defense methods)
• It does not misuse any data about, or provided by, the user
• It was tested in a variety of circumstances

I’m using the office viewer activex control. I have spent lots of time in solving the bug of dsoframer. It is originally developed by Microsoft as a C++ ActiveX control sample to host/embed ms-office documents (download here). But unfortunately it also have several bugs:

1. The title of the host application will go garbled when the control is disposed.

2. Event can not be fired correctly when embedded directly in a winform control.

3. Events can not be fired when wrapped in a C# user-control.

4. Call DSOFramer to handle word in IE cause IE crash.

5. Word 2007 files will be deleted after saving.

6. Files are locked so the upload action will always fail.

Can not start a separate office process to handle the documents if there is already an existing one. This may lead to miscellaneous bugs such as: no response of toolbar, can not start office externally after control is initialized, redo/undo influence all the instances instead of the active one, etc.

Are the issues exist in your component? It looks more steady than the dsoframer and has more functions.

If a user attempts to install and run an unregistered ActiveX control from the Internet, Internet Explorer checks to see if the control was digitally signed. If the ActiveX (OCX) file has a certificate of trust that is already trusted on the user’s computer, it is accepted, installed, and registered. Depending on the security level set for use by Internet Explorer, if the certificate of trust is unknown to the system, the user is presented with the option to install the control. If the user accepts the option to install the control, the certificate of trust associated with the control is noted in the registry.

If the ActiveX (OCX) file is installed as part of an application from a CD or other locally opened resource, there is no examination of the certificate (if there is one) associated with the OCX file. It is assumed the file is associated with an application which has been deemed safe to install by the user, and it is installed and registered without challenge.

Once the control is installed on a user’s system, the control no longer invokes code-signing dialog boxes when started. After a control is installed, it is considered safe even if it was not digitally signed originally.

EDraw Office Viewer Component has been signed with EDrawSoft digital signature. It’s safe to download with the default internet safety level.