Update Available for Vulnerabilities in ActiveX Controls Issue

Article translations Article translations
Article ID: 241361
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

Summary

Microsoft has released an update to Internet Explorer that addresses a potential security vulnerability that may be posed by several ActiveX controls that are included with Internet Explorer 4.x and 5.

More information

This problem in resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem.

For additional information about how to determine which version of Internet Explorer you are using, click the following article number to view the article in the Microsoft Knowledge Base:
164539 How to Determine Which Version of Internet Explorer Is Installed
For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:
267954 How to Obtain the Latest Internet Explorer 5.5 Service Pack
For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:
328548 How to Obtain the Latest Internet Explorer 6 Service Pack
When this problem occurs, the ActiveX controls at issue are incorrectly marked as "safe for scripting." The "safe for scripting" denotation indicates that a control is verifiably unable to take harmful action on a user's computer, and can be safely called from a Web site without asking the user's permission. However, these controls should not have been marked as "safe for scripting," because they can take action that could be misused to cause harm. The following list describe these controls:
  • Kodak Image Edit: Wang Imaging
  • Kodak Image Annotation: Wang Imaging
  • Kodak Image Scan: Wang Imaging
  • Kodak Thumbnail Image: Wang Imaging
  • Wang Image Admin: Wang Imaging
  • HHOpen: HTML help files
  • Registration Wizard: Internet Explorer Product Registration
  • IE Active Setup: Internet Explorer Setup
Internet Explorer 5.01 and later versions prevent these unsafe ActiveX controls from running in Internet Explorer by setting the "kill bit" for each control. The kill bit is a flag that prevents Web sites from being able to load and run a particular ActiveX control. For additional information about the kill bit, click the following article number to view the article in the Microsoft Knowledge Base:
240797 How to Stop an ActiveX Control from Running in Internet Explorer

References

http://www.microsoft.com/TechNet/security/bulletin/ms99-037.asp

Properties

Article ID: 241361 - Last Review: June 19, 2014 - Revision: 6.0
Keywords: 
kbnosurvey kbarchive kbinfo KB241361

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com