Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Security Vulnerability in DirectX Files Viewer ActiveX Control
Article ID: 810202 - View products that this article applies to.
Microsoft has released a patch for a security vulnerability that exists in the DirectX Files Viewer control (Xweb.ocx).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328970For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/328970/EN-US/ )MS02-066: November, 2002, Cumulative Patch for Internet Explorer
(http://support.microsoft.com/kb/260910/EN-US/ )How to Obtain the Latest Windows 2000 Service Pack
The DirectX Files Viewer control is an older ActiveX control that has been retired. There is a buffer-overrun vulnerability in this control. This vulnerability might cause Internet Explorer to stop working, or might permit an attacker to run arbitrary code and to gain control of your computer. This control (Xweb.ocx) has the following class identifier (CLSID):
970C7E08-05A7-11D0-89AA-00A0C9054129The patch sets the "kill" bit for this control. For additional information about setting the "kill" bit for an ActiveX control, click the following article number to view the article in the Microsoft Knowledge Base:
240797The DirectX File Viewer control is not installed by default with Internet Explorer; it is typically used only by developers or support professionals. This control has been retired and is no longer supported. However, to protect customers, the patch prevents this control from running or from being reintroduced on your computer. The patch prevents this by setting the "kill" bit for this component.
(http://support.microsoft.com/kb/240797/EN-US/ )How to Stop an ActiveX Control from Running in Internet Explorer
Article ID: 810202 - Last Review: February 1, 2007 - Revision: 4.5