Important Security Notes for Microsoft Outlook COM Add-In Developers
Microsoft Corporation
March 2003
Applies to:
Microsoft® Office Outlook® 2003
Summary: Review the latest important security notes for Microsoft Outlook COM add-in developers. (6 printed pages)
COM Add-ins Using Default Security
COM Add-ins Using Security Settings from an Exchange Server
Outlook Object Model Guard Improvements and its Impact on COM Add-ins
Sample Code for Writing a Trusted COM Add-in
Known Issues
New Object Model Blocks in Outlook 2003
Why a Change in Trust Model in Outlook 2003 and Not in Previous Versions of Outlook?
In Microsoft® Office Outlook® 2003, all COM add-ins that run on a computer that is not configured to obtain security settings from a Microsoft Exchange Server are considered trusted by default. This implies that add-ins running on clients that are not Exchange clients, and add-ins that use default security in Exchange environments, are trusted automatically. As in Outlook 2002, Outlook 2003 trusts only the main Application object that is passed to the OnConnection event of the add-in. Read below for more information.
There has been no change in the way Outlook trusts COM add-ins in an Exchange environment when the security settings are obtained from the Exchange server. An add-in will be considered trusted only if it's registered in the Security Settings folder. Again, as in Outlook 2002, Outlook 2003 trusts only the main Application object that is passed to the OnConnection event of the add-in.
Outlook 2003 inherits the Outlook 2002 object model guard behavior, and in addition, blocks code that attempts to access the Body and HTMLBody properties of various Outlook items. This allows users to verify that the program or add-in accessing the Body and HTMLBody properties of items is trustworthy, before they allow access to the contents of the items. Even though this displays security warnings in the existing COM add-ins that access the Body or HTMLBody properties of items, this will help prevent malicious code from running without the user being aware of it.
You can avoid the display of security warnings by deriving all objects, properties, and methods from the Application object passed in the OnConnection procedure of the add-in. Outlook trusts only the Application object passed in the OnConnection procedure of the add-in. If you create a new Application object—for example, by using the CreateObject method—that object and any of its subordinate objects, properties, and methods will not be trusted and the blocked properties and methods will throw security warnings.
The following add-in uses only the Application object (TrustedOL) passed in the OnConnection procedure of the add-in. Therefore, it does not display security warnings if run in an environment not running Exchange or in an Exchange environment where the add-in has been trusted by the administrator using the Security Settings folder.
This add-in adds a button to the Standard toolbar called "MailItem."
When the user clicks the MailItem button, the add-in creates a mailitem and displays a message to the user without displaying any security warnings.
' TrustedOL holds the Application object Outlook passes to OnConnection.
' It is the only object Outlook trusts; every other object is derived from it.
Dim TrustedOL As Outlook.Application
Dim WithEvents oButton As Office.CommandBarButton

Private Sub AddinInstance_OnConnection(ByVal Application As Object, _
        ByVal ConnectMode As AddInDesignerObjects.ext_ConnectMode, _
        ByVal AddInInst As Object, custom() As Variant)
    ' Keep the trusted Application object for the lifetime of the add-in.
    Set TrustedOL = Application
    ' Add a temporary button to the Standard toolbar of the active Explorer.
    Set oButton = TrustedOL.ActiveExplorer.CommandBars.Item("Standard") _
        .Controls.Add(, , , 1, True)
    oButton.Caption = "MailItem"
End Sub

Private Sub AddinInstance_OnDisconnection(ByVal RemoveMode As _
        AddInDesignerObjects.ext_DisconnectMode, custom() As Variant)
    ' Remove the button and release the trusted object.
    TrustedOL.ActiveExplorer.CommandBars.Item("Standard").Reset
    Set TrustedOL = Nothing
    Set oButton = Nothing
End Sub

Private Sub oButton_Click(ByVal Ctrl As Office.CommandBarButton, _
        CancelDefault As Boolean)
    Dim MI As Outlook.MailItem
    Dim oFolder As Outlook.MAPIFolder
    Dim MI2 As Outlook.MailItem
    ' Every object below is derived from TrustedOL, so no warning is shown
    ' even though Body and CurrentUser are guarded properties.
    Set MI = TrustedOL.CreateItem(olMailItem)
    MI.To = TrustedOL.Session.CurrentUser
    MI.Subject = "Test message from COM add-in"
    MI.Body = "This is the body."
    MI.Save
    Set oFolder = TrustedOL.Session.GetDefaultFolder(olFolderInbox)
    MsgBox "I am going to move the item."
    Set MI2 = MI.Move(oFolder)
    Set MI = Nothing
    Set oFolder = Nothing
    Set MI2 = Nothing
End Sub
**Note** For more information on writing trusted Outlook COM add-ins, see OL2002: How to Create Trusted Outlook COM Add-ins.
The following are known issues that result in an add-in hitting object model blocks even though it is constructed properly using the trust mechanism and is considered trusted by Outlook 2003.
When you attempt to bind a control to a property derived from the Inspector object, Outlook 2003 will show the security warning. A Microsoft Visual Basic for Applications (VBA) example is shown below; the line that triggers the warning is `ctrl1.ItemProperty = "MyFormula"`. In this example, the control is being bound to a custom property, but Outlook will show a security warning if you try to bind a control to any property derived from the Inspector object.
' outApp is a module-level Outlook.Application variable holding the
' trusted Application object saved in OnConnection (as TrustedOL above).
Private Sub oButton_Click(ByVal Ctrl As Office.CommandBarButton, _
        CancelDefault As Boolean)
    Dim mai As Outlook.MailItem
    Dim uprs As Outlook.UserProperties
    Dim upr As Outlook.UserProperty
    Dim isp As Outlook.Inspector
    Dim pags As Outlook.Pages
    Dim pag As MSForms.UserForm
    Dim ctrl1 As MSForms.Control
    Dim ctrls As MSForms.Controls
    Set mai = outApp.CreateItem(olMailItem)
    mai.To = outApp.Session.CurrentUser
    mai.Save
    mai.Subject = "Yes/No binding to a Controls"
    Set uprs = mai.UserProperties
    ' The Inspector and everything derived from it is where the block applies.
    Set isp = mai.GetInspector
    Set pags = isp.ModifiedFormPages
    Set pag = pags.Add("MyFirstPage")
    Debug.Print pags.Count
    Set upr = uprs.Add("MyFormula", olFormula)
    upr.Formula = "[To]"
    Set ctrls = pag.Controls
    Set ctrl1 = ctrls.Add("Forms.TextBox.1", "MyText", 1)
    ctrl1.ItemProperty = "MyFormula"    ' Outlook 2003 shows the security warning here
    ctrl1.ControlProperty = "Value"
    isp.ShowFormPage "MyFirstPage"
    mai.Display
End Sub
A workaround for this scenario is to use the SetControlItemProperty method of the Inspector object, replacing the line that causes the security warning:
ctrl1.ItemProperty = "MyFormula"
With this line (SetControlItemProperty is a Sub, so its arguments are passed without enclosing parentheses):
isp.SetControlItemProperty ctrl1, "MyFormula"
The following are the additional properties that have been blocked in Outlook 2003:
- The IMAddress and Body properties of a ContactItem object.
- The HTMLBody and Body properties of a MailItem object.
- The HTMLBody and Body properties of a PostItem object.
- The Body property of an AppointmentItem object.
- The Body property of a TaskItem object.
- The Body property of a TaskRequestItem object.
- The Body property of a TaskRequestAcceptItem object.
- The Body property of a TaskRequestDeclineItem object.
- The Body property of a TaskRequestUpdateItem object.
- The Body property of a DistListItem object.
- The Body property of a JournalItem object.
- The Body property of a MeetingItem object.
- The Body property of a ReportItem object.
- The Body property of a RemoteItem object.
- The Body property of a NoteItem object.
- The Body property of a DocumentItem object.
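The following VB6 add-in designer module is an added example, not code from the article or from Microsoft. It pulls together the three points above: the trusted root is the Application object from OnConnection (holding it in TrustedOL, as in the article's sample, and never replacing it with CreateObject or New Outlook.Application), the newly blocked Body property is reached only through that root, and a control is bound to a custom property with SetControlItemProperty instead of ItemProperty. The procedure names FirstInboxBody and BindCustomProperty, the page name "MyFirstPage" and the property name "MyFormula" are assumptions chosen for the example; it also assumes the add-in is registered as trusted where security settings come from an Exchange Security Settings folder, since nothing in the code can change that.

```vba
' Added example (not from the original article): a trusted Outlook 2003
' COM add-in that touches guarded properties without prompting the user.
Option Explicit

' The only object Outlook trusts. All other objects are derived from it.
Private TrustedOL As Outlook.Application
Private WithEvents oButton As Office.CommandBarButton

Private Sub AddinInstance_OnConnection(ByVal Application As Object, _
        ByVal ConnectMode As AddInDesignerObjects.ext_ConnectMode, _
        ByVal AddInInst As Object, custom() As Variant)
    ' Keep the Application object Outlook passed in. A root created with
    ' CreateObject("Outlook.Application") or New Outlook.Application is
    ' untrusted, and every blocked property reached through it prompts.
    Set TrustedOL = Application
    ' ActiveExplorer is Nothing when Outlook was started by automation with
    ' no window open, so guard the toolbar access.
    If Not TrustedOL.ActiveExplorer Is Nothing Then
        Set oButton = TrustedOL.ActiveExplorer.CommandBars.Item("Standard") _
            .Controls.Add(msoControlButton, , , , True)
        oButton.Caption = "Trusted demo"
    End If
End Sub

Private Sub AddinInstance_OnDisconnection(ByVal RemoveMode As _
        AddInDesignerObjects.ext_DisconnectMode, custom() As Variant)
    Set oButton = Nothing
    Set TrustedOL = Nothing
End Sub

' Reads Body (blocked in Outlook 2003) from the first Inbox mail item.
' No warning appears because the item is derived from TrustedOL.
' (Hypothetical helper name; returns "" when the Inbox is empty.)
Private Function FirstInboxBody() As String
    Dim oFolder As Outlook.MAPIFolder
    Dim oItem As Object
    FirstInboxBody = ""
    Set oFolder = TrustedOL.Session.GetDefaultFolder(olFolderInbox)
    If oFolder.Items.Count > 0 Then
        Set oItem = oFolder.Items.Item(1)
        ' Only MailItem/PostItem carry Body as listed above; check the type.
        If TypeOf oItem Is Outlook.MailItem Then
            FirstInboxBody = oItem.Body
        End If
    End If
End Function

' Binds a text box on a custom form page to a formula property using the
' SetControlItemProperty workaround. (Hypothetical helper name.)
Private Sub BindCustomProperty(ByVal mai As Outlook.MailItem)
    Dim isp As Outlook.Inspector
    Dim pag As MSForms.UserForm
    Dim ctrl1 As MSForms.Control
    Dim upr As Outlook.UserProperty
    Set upr = mai.UserProperties.Add("MyFormula", olFormula)
    upr.Formula = "[To]"
    Set isp = mai.GetInspector
    Set pag = isp.ModifiedFormPages.Add("MyFirstPage")
    Set ctrl1 = pag.Controls.Add("Forms.TextBox.1", "MyText", True)
    ' ctrl1.ItemProperty = "MyFormula" would prompt in Outlook 2003;
    ' the Inspector method below does the same binding without a prompt.
    isp.SetControlItemProperty ctrl1, "MyFormula"
    ctrl1.ControlProperty = "Value"
    isp.ShowFormPage "MyFirstPage"
End Sub

Private Sub oButton_Click(ByVal Ctrl As Office.CommandBarButton, _
        CancelDefault As Boolean)
    Dim mai As Outlook.MailItem
    Set mai = TrustedOL.CreateItem(olMailItem)
    mai.To = TrustedOL.Session.CurrentUser   ' guarded, but trusted root
    mai.Subject = "Trusted demo"
    mai.Body = "First Inbox body: " & FirstInboxBody()
    BindCustomProperty mai
    mai.Display
End Sub
```

Because the add-in designer never creates a second Application object, every property access in the module resolves through the trusted root; if any helper is later refactored to obtain its own Outlook.Application instance, the Body, CurrentUser and binding calls above will start prompting exactly as the article describes.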
Also, if you use third-party add-ins, custom solutions, or other programs that integrate with Outlook 2003, you may receive one or more of the following warnings:
- A program is trying to automatically send e-mail on your behalf. Do you want to allow this? If you unexpectedly receive this message, it may be caused by a virus, and you should choose No.
- A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this? If you unexpectedly receive this message, it may be caused by a virus, and you should choose No.
These warning messages are commonly associated with software that is designed to synchronize Outlook data with handheld computers, but may occur with any type of add-in or custom solution.
**Note** For more information about the Outlook 2002 Object Model Guard, see Microsoft Outlook 2002 Developer Security Overview.
There are two major factors that contributed to this change in trust model in Outlook 2003. The first is that Outlook 2003 is the first version of Outlook that has Microsoft Windows 2000 SP3 as its minimum platform version; previous versions of Outlook supported Microsoft Windows 98 operating systems. The second is that with the additional object model blocks added in Outlook 2003, there are tasks that independent software vendors (ISVs) need to handle that have no simple workarounds.