Security Vulnerability in DirectX Files Viewer ActiveX Control

Article translations Article translations
Article ID: 810202 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SUMMARY

Microsoft has released a patch for a security vulnerability that exists in the DirectX Files Viewer control (Xweb.ocx).

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328970 MS02-066: November, 2002, Cumulative Patch for Internet Explorer
For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

MORE INFORMATION

The DirectX Files Viewer control is an older ActiveX control that has been retired. There is a buffer-overrun vulnerability in this control. This vulnerability might cause Internet Explorer to stop working, or might permit an attacker to run arbitrary code and to gain control of your computer. This control (Xweb.ocx) has the following class identifier (CLSID):
970C7E08-05A7-11D0-89AA-00A0C9054129
The patch sets the "kill" bit for this control. For additional information about setting the "kill" bit for an ActiveX control, click the following article number to view the article in the Microsoft Knowledge Base:
240797 How to Stop an ActiveX Control from Running in Internet Explorer
The DirectX File Viewer control is not installed by default with Internet Explorer; it is typically used only by developers or support professionals. This control has been retired and is no longer supported. However, to protect customers, the patch prevents this control from running or from being reintroduced on your computer. The patch prevents this by setting the "kill" bit for this component.

Properties

Article ID: 810202 - Last Review: February 27, 2014 - Revision: 4.5
APPLIES TO
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
    • Microsoft Windows NT Server 4.0 Standard Edition
    • Microsoft Windows NT Server 4.0, Terminal Server Edition
    • Microsoft Windows NT Workstation 4.0 Developer Edition
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.01
Keywords: 
kbnosurvey kbarchive kbwin2ksp4fix kbsecurity kbinfo KB810202

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com