Article ID: 810202 - Last Review: February 1, 2007 - Revision: 4.5 Security Vulnerability in DirectX Files Viewer ActiveX ControlSUMMARYMicrosoft has released a patch for a security vulnerability
that exists in the DirectX Files Viewer control (Xweb.ocx).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 328970
(http://support.microsoft.com/kb/328970/EN-US/
)
MS02-066: November, 2002, Cumulative Patch for Internet Explorer
For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: 260910
(http://support.microsoft.com/kb/260910/EN-US/
)
How to Obtain the Latest Windows 2000 Service Pack MORE INFORMATIONThe DirectX Files Viewer control is an older ActiveX control
that has been retired. There is a buffer-overrun vulnerability in this control.
This vulnerability might cause Internet Explorer to stop working, or might
permit an attacker to run arbitrary code and to gain control of your computer.
This control (Xweb.ocx) has the following class identifier (CLSID): 970C7E08-05A7-11D0-89AA-00A0C9054129 The patch sets the "kill" bit for this control. For
additional information about setting the "kill" bit for an ActiveX control,
click the following article number to view the article in the Microsoft
Knowledge Base: 240797
(http://support.microsoft.com/kb/240797/EN-US/
)
How
to Stop an ActiveX Control from Running in Internet Explorer
The DirectX File Viewer control is not installed by
default with Internet Explorer; it is typically used only by developers or
support professionals. This control has been retired and is no longer
supported. However, to protect customers, the patch prevents this control from
running or from being reintroduced on your computer. The patch prevents this by
setting the "kill" bit for this component.APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
