A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

Article translations Article translations
Article ID: 909738 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
Expand all | Collapse all

On This Page

SYMPTOMS

After you install cumulative security update 896688 (MS05-052), a Web page that contains a custom Microsoft ActiveX control does not load as expected in the products that are listed in the "Applies To" section.

This issue occurs when the Web page that contains the ActiveX control is located in the Internet zone. If the Web page is in the intranet zone or is a Trusted site, the ActiveX control loads as expected.

CAUSE

Security update MS05-052 introduces additional checks before a Microsoft Component Object Model (COM) object can run in Microsoft Internet Explorer. The intent of this change is to prevent COM objects that were not designed to be instantiated in Internet Explorer from being instantiated in Internet Explorer. One of the checks that is introduced with MS05-052 is that Internet Explorer now checks for the IObjectSafety interface for ActiveX controls in the Internet zone before a COM object can run in Internet Explorer.

RESOLUTION

To resolve this issue, recompile the ActiveX control. Then, mark the control as safe for scripting and safe for initialization when the control is run in the context of an Internet browser.

For more information about how to mark an MFC ActiveX control as safe for scripting and initialization, click the following article number to view the article in the Microsoft Knowledge Base:
161873 How to mark MFC ActiveX controls as Safe for Scripting and Initialization

WORKAROUND

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.

Note Always back up the metabase before you edit it.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


To work around this issue, use one of the following methods:

Set the safe for scripting and safe for initialization value in the registry

If you cannot recompile the ActiveX control, but the control developer classifies the ActiveX control as safe for scripting and safe for initialization, you can use one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • {7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • {7DD95802-9882-11CF-9FA9-00AA006C42C4}
For example, if the CLSID for the ActiveX control is {A697E83F-3B53-11D1-8AE4-006097ED2008}, you can add one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Move the Web site to a different zone

If the Web site can be trusted, you can move the Web site to a more trusted zone. For more information about how to add a Web site to a security zone, visit the following Microsoft Web site:
http://www.microsoft.com/windows/ie/ie6/using/howto/security/settings.mspx

Set the ActiveX compatibility value in the registry

You can set the ActiveX compatibility flag in the registry. To do this, follow these steps:
  1. Click Start, click Run, type Regedit.exe, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility
  3. Right-click ActiveX Compatibility, point to New, click Key, type the CLSID for the ActiveX control, and then press ENTER.
  4. Right-click the key that you created in step 3, point to New, and then click DWORD Value.
  5. Type Compatibility Flags, and then press ENTER.
  6. Right-click Compatibility Flags, and then click Modify.
  7. In the Value data box, type 00800000, and then click OK.
  8. Quit Registry Editor.

REFERENCES

For more information about cumulative security update MS05-052, click the following article number to view the article in the Microsoft Knowledge Base:
896688 MS05-052: Cumulative security update for Internet Explorer
For more information about the IObjectSafety interface, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/library/aa768224.aspx

Properties

Article ID: 909738 - Last Review: October 11, 2007 - Revision: 2.9
APPLIES TO
  • Microsoft Internet Explorer 6.0 SP1, when used with:
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows 2000 Server SP4
    • Microsoft Windows 2000 Professional SP4
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Advanced Server SP4
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 98 Second Edition
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
  • Microsoft Internet Explorer 5.5, when used with:
    • Microsoft Windows Millennium Edition
  • Microsoft Internet Explorer 5.01 SP4, when used with:
    • Microsoft Windows 2000 Server SP4
    • Microsoft Windows 2000 Professional SP4
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Advanced Server SP4
Keywords: 
kbactivexscript kbinetdev kbtshoot kbprb KB909738

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com