Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)
Article ID: 909738 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
After you install cumulative security update 896688 (MS05-052), a Web page that contains a custom Microsoft ActiveX control does not load as expected in the products that are listed in the "Applies To" section.
This issue occurs when the Web page that contains the ActiveX control is located in the Internet zone. If the Web page is in the intranet zone or is a Trusted site, the ActiveX control loads as expected.
Security update MS05-052 introduces additional checks before a Microsoft Component Object Model (COM) object can run in Microsoft Internet Explorer. The intent of this change is to prevent COM objects that were not designed to be instantiated in Internet Explorer from being instantiated in Internet Explorer. One of the checks that is introduced with MS05-052 is that Internet Explorer now checks for the IObjectSafety interface for ActiveX controls in the Internet zone before a COM object can run in Internet Explorer.
To resolve this issue, recompile the ActiveX control. Then, mark the control as safe for scripting and safe for initialization when the control is run in the context of an Internet browser.
For more information about how to mark an MFC ActiveX control as safe for scripting and initialization, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/161873/ )How to mark MFC ActiveX controls as Safe for Scripting and Initialization
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.
Note Always back up the metabase before you edit it.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To work around this issue, use one of the following methods:
Set the safe for scripting and safe for initialization value in the registryIf you cannot recompile the ActiveX control, but the control developer classifies the ActiveX control as safe for scripting and safe for initialization, you can use one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
Move the Web site to a different zoneIf the Web site can be trusted, you can move the Web site to a more trusted zone. For more information about how to add a Web site to a security zone, visit the following Microsoft Web site:
Set the ActiveX compatibility value in the registryYou can set the ActiveX compatibility flag in the registry. To do this, follow these steps:
For more information about cumulative security update MS05-052, click the following article number to view the article in the Microsoft Knowledge Base:
896688For more information about the IObjectSafety interface, visit the following Microsoft Developer Network (MSDN) Web site:
(http://support.microsoft.com/kb/896688/ )MS05-052: Cumulative security update for Internet Explorer
Article ID: 909738 - Last Review: October 11, 2007 - Revision: 2.9