Article ID: 241361 - Last Review: January 25, 2007 - Revision: 4.1

Update Available for Vulnerabilities in ActiveX Controls Issue

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q241361
Expand all | Collapse all

SUMMARY

Microsoft has released an update to Internet Explorer that addresses a potential security vulnerability that may be posed by several ActiveX controls that are included with Internet Explorer 4.x and 5.
Back to the top

MORE INFORMATION

This problem in resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem.

For additional information about how to determine which version of Internet Explorer you are using, click the following article number to view the article in the Microsoft Knowledge Base:
164539  (http://support.microsoft.com/kb/164539/EN-US/ ) How to Determine Which Version of Internet Explorer Is Installed
For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:
267954  (http://support.microsoft.com/kb/267954/EN-US/ ) How to Obtain the Latest Internet Explorer 5.5 Service Pack
For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:
328548  (http://support.microsoft.com/kb/328548/EN-US/ ) How to Obtain the Latest Internet Explorer 6 Service Pack
When this problem occurs, the ActiveX controls at issue are incorrectly marked as "safe for scripting." The "safe for scripting" denotation indicates that a control is verifiably unable to take harmful action on a user's computer, and can be safely called from a Web site without asking the user's permission. However, these controls should not have been marked as "safe for scripting," because they can take action that could be misused to cause harm. The following list describe these controls:
  • Kodak Image Edit: Wang Imaging
  • Kodak Image Annotation: Wang Imaging
  • Kodak Image Scan: Wang Imaging
  • Kodak Thumbnail Image: Wang Imaging
  • Wang Image Admin: Wang Imaging
  • HHOpen: HTML help files
  • Registration Wizard: Internet Explorer Product Registration
  • IE Active Setup: Internet Explorer Setup
Internet Explorer 5.01 and later versions prevent these unsafe ActiveX controls from running in Internet Explorer by setting the "kill bit" for each control. The kill bit is a flag that prevents Web sites from being able to load and run a particular ActiveX control. For additional information about the kill bit, click the following article number to view the article in the Microsoft Knowledge Base:
240797  (http://support.microsoft.com/kb/240797/EN-US/ ) How to Stop an ActiveX Control from Running in Internet Explorer
Back to the top

REFERENCES

http://www.microsoft.com/TechNet/security/bulletin/ms99-037.asp (http://www.microsoft.com/TechNet/security/bulletin/ms99-037.asp)
Back to the top
APPLIES TO
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.0 128-Bit Edition
Back to the top
Keywords: 
kbinfo KB241361
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers