Michael Howard's Web Log : IE8 Activity to lookup CVEs and Microsoft bulletins

Books

Security

My old Blog

Archives

IE8 Activity to lookup CVEs and Microsoft bulletins

Update: Added Microsoft bulletin stuff.

I'm always looking up CVEs so I want to get to the data as quickly as possible, especially if I'm digging through a load of them.

Three years ago I posted some code to perform CVE lookup using Smart Tags in Microsoft Office.

IE8 offers similar functionality to Smart Tags, but way more flexible, named Activities. So I did a bit of digging around, and found this article by Jane Kim in the IE8 team that explains how to use and create Activities (and provides links to all the appropriate documentation.)

So I decided to write my own activity to look up CVEs from within IE8. Here's the XML:

<?xml version="1.0" encoding="utf-8"?>
<openServiceDescription xmlns="http://www.microsoft.com/schemas/openservicedescription/1.0">
<homepageUrl>http://nvd.nist.gov</homepageUrl>
    <display>
    <name>Lookup CVE with NIST</name>
    <icon>http://nvd.nist.gov/favicon.ico</icon>
</display>
<activity category="define">
    <activityAction context="selection" >
      <preview action="http://nvd.nist.gov/nvd.cfm">
        <parameter name="cvename" value="{selection}" />
      </preview>
      <execute action="http://nvd.nist.gov/nvd.cfm">
        <parameter name="cvename" value="{selection}" type="text" />
      </execute>
    </activityAction>
</activity>
</openServiceDescription>

Here's the same code, but tweaked for Microsoft Security bulletins:

<?xml version="1.0" encoding="utf-8"?>
<openServiceDescription
    xmlns="http://www.microsoft.com/schemas/openservicedescription/1.0">
<homepageUrl>http://www.microsoft.com</homepageUrl>
<display>
    <name>Lookup Microsoft Bulletin</name>
    <icon>http://www.microsoft.com/favicon.ico</icon>
</display>
<activity category="define">
    <activityAction context="selection" >
      <preview action="http://www.microsoft.com/technet/security/bulletin/{selection}.mspx">
      </preview>
    <execute action="http://www.microsoft.com/technet/security/bulletin/{selection}.mspx">
    </execute>
  </activityAction>
</activity>
</openServiceDescription>

To install, copy the file(s) to a Web server, and then run the following from within IE8:

<button
onclick="window.external.addService('http://localhost/<name>.xml')">
CVE Lookup Activity
</button>

Now when you click a CVE, you'll have the option to do a CVE lookup:

Voila!

Posted: Tuesday, March 18, 2008 8:06 PM by michael_HOWARD

Filed under: Security

Comments

MSDN Blog Postings » IE8 Activity to lookup CVEs and Microsoft bulletins said:

PingBack from http://msdnrss.thecoderblogs.com/2008/03/19/ie8-activity-to-lookup-cves-and-microsoft-bulletins/

# March 19, 2008 12:47 AM

anonymous said:

The 2nd sample code is missing quotes around the xmlns value.

# March 30, 2008 12:53 AM

New Comments to this post are disabled

Michael Howard's Web Log

Recent Posts

Tags