Article ID: 912945 - View products that this article applies to.
NOTICE
The update that is described in this article is included in the most current cumulative security update for Internet Explorer. To install the most current update, install all important or high-priority updates. To do this, visit the Windows Update Web site:
http://update.microsoft.com
For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/current.aspx
This article is intended to notify IT professionals and developers about a change in the way Internet Explorer handles ActiveX controls. Home users can visit the following Microsoft Web site for information about how Internet Explorer handles ActiveX controls when this update is installed:
http://www.microsoft.com/windows/ie/ie6/using/techinfo/activexupdate.mspx
Note If you are experiencing problems with an ActiveX control on a Web site that you trust, add the Web site to the Trusted Sites zone in Internet Explorer. To do this, follow these steps in Internet Explorer:
  1. On the Tools menu, click Internet Options.
  2. On the Security tab, click Trusted Sites, and then click Sites.
  3. Under Add this website to the zone, type the URL of the Web site that you want to add.
  4. Click Add, and then click Close.
If the problem persists, visit the following Microsoft Web site:
http://support.microsoft.com/ph/807
Important The information in this article applies to versions of Internet Explorer that were released and updated between April 2006 and April 2008. In April 2008, the behavior that is described in this article was removed from Internet Explorer by security update MS08-024. For more technical information about MS08-024, click the following article number to view the article in the Microsoft Knowledge Base:
947864 MS08-024: Cumulative security update for Internet Explorer
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released a software update to Microsoft Internet Explorer 6 for Windows XP Service Pack 2 (SP2) and for Windows Server 2003 Service Pack 1 (SP1). This update changes how Internet Explorer handles some Web pages that use ActiveX controls and Java add-ins. Examples of ActiveX controls include the following:
Adobe Reader
Apple QuickTime Player
Macromedia Flash Player
Microsoft Windows Media Player
Real Networks RealPlayer
Sun Java Virtual Machine
After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms537508.aspx
When you install this update, the Plugin.ocx binary is completely removed from Windows Server 2003 and Windows XP. The Plugin.ocx binary is a private component of Internet Explorer without any public interfaces. Plugin.ocx is used to host Netscape plug-ins as ActiveX controls. The functionality of Plugin.ocx was disabled in 2003 in Windows Server 2003 and Windows XP for security reasons. This update removes the nonfunctional Plugin.ocx code completely.

As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:
  • Windows XP Starter Edition
  • Windows XP Home Edition
  • Windows XP Professional Edition
  • Windows XP Tablet PC Edition
  • Windows XP Media Center Edition
  • Windows XP Professional for Embedded Systems
Currently, Microsoft has not released updates for earlier versions of Internet Explorer, Windows Server 2003, or Windows XP. However, Microsoft may release updates for these earlier versions in the future. More information about release schedules will be posted in this article when the information becomes available.

The following files are available for download from the Microsoft Download Center:

Update for Internet Explorer for Windows Server 2003, 32-bit x86-based versions with Service Pack 1:
Collapse this imageExpand this image
Download
Download the 912945 package now.
Update for Internet Explorer for Windows Server 2003, 64-bit Itanium-based versions with Service Pack 1:
Collapse this imageExpand this image
Download
Download the 912945 package now.
Update for Internet Explorer for Windows Server 2003, 64-bit x64-based versions:
Collapse this imageExpand this image
Download
Download the 912945 package now.
Update for Internet Explorer for Windows XP Professional x64 Edition:
Collapse this imageExpand this image
Download
Download the 912945 package now.
Update for Internet Explorer for Windows XP with Service Pack 2:
Collapse this imageExpand this image
Download
Download the 912945 package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More information

Known issues

  • Internet Explorer ActiveX update that is contained in security update 912812 is disabled

    After you deploy update 912945 for Internet Explorer, the behavior of the Internet Explorer ActiveX update that is contained in security update 912812 is disabled. The security fixes that are contained in security update 912812 are still present and will still function. Only the Internet Explorer ActiveX update behavior is disabled.
  • Web page rendering issues within Internet Explorer

    This issue occurs if Mshtml.dll is ever reregistered after you install this cumulative update. This issue is resolved in security update 912812 for Internet Explorer.
    912812 MS06-013: Cumulative security update for Internet Explorer

    We recommend that you install security update 912812 for Internet Explorer instead of installing update 912945 that is described in this article.
  • Initial logon dialog boxes may reappear and reset to default configurations

    This issue occurs if you deploy the hotfix version of this software update on 64-bit systems, such as an Itanium-based or x64-based version of Windows Server 2003 or an x64-based version of Windows XP with their respective service packs. In this case, the initial logon dialog boxes may appear for applications and for Windows components. Additionally, some settings reset to default. This behavior may cause the following issues:
    • Applications ask users to opt in to privacy features.
    • Default settings for Internet Explorer favorites are reset.
    • Internet Explorer security zones are reset to default settings.
    • Internet Explorer advanced settings are reset to default settings.
    • Initial Windows Media Player dialog boxes appear.
    This issue is resolved in security update 912812 for Internet Explorer.
  • Google Toolbar

    You may experience an access violation in the Google Toolbar when you close a window that contains an inactive ActiveX control. Microsoft and Google technical teams have been working together to address this issue. Google is expected to fix this problem by using its automatic "servicing mechanism" for Google Toolbar users. This problem affects Google Toolbar versions before version 3.0.129.2. Visit the following Google Web site to download the latest version:
    http://toolbar.google.com
  • External script technique does not work when the "Disable Script Debugging (Internet Explorer)" check box is cleared

    This issue is resolved in security update 912812 for Internet Explorer.
  • ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4

    After you click an ActiveX add-in control in a program that runs the add-in control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not move to the add-in control. You must click the control again to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:
    http://java.sun.com/j2se
  • Unable to use the /integrate switch to update Windows installation source files

    Administrators cannot use the /integrate switch to update Windows installation source files with this update. This is expected to be fixed in the next update for Windows Server 2003 and Windows XP. To work around this issue, use the Sysprep tool. For more information, visit the following Microsoft Web site:
    http://technet.microsoft.com/en-us/library/bb457067.aspx
    This issue is resolved in security update 912812 for Internet Explorer.
  • Siebel programs that use ActiveX controls

    Software update 912945 affects all Siebel 7 High Interactive clients. After you apply this update, you must click several times to interact with the Siebel program, one time for each ActiveX control in the program. Siebel is working with Microsoft to determine a solution. A Siebel product update is expected to be released some time in the spring of 2006. For more information about Siebel product updates, visit the following Siebel Support Web site:
    http://www.oracle.com/siebel/index.html
  • Substring match opt-in process names

    By default, certain applications have process names that are a subset of applications that are opted in to the new ActiveX behavior. An example would be APExplorer.exe, where a substring of this name is Explorer.exe. Therefore, Explorer.exe is opted in to the new ActiveX behavior. Such applications exhibit the new ActiveX behavior.

    This issue is resolved in security update 912812 for Internet Explorer.
  • MFC controls leave a permanent window

    In certain cases, when moving away from a page that has an MFC ActiveX control, the control still appears in the new window. This issue is resolved in security update 916281 for Internet Explorer.
  • Visual Basic controls do not appear

    In certain cases, controls that are created in Visual Basic that are displayed with display and visibility CSS attributes may not appear. This issue is resolved in security update 916281 for Internet Explorer.
  • Security warning message when you try to open a PDF document from a secure (https://) Web page

    When you try to open a PDF document from a secure (https://) Web page, you incorrectly receive a security warning message for mixed content. This issue is resolved in security update 916281 for Internet Explorer.
For recommended techniques to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms537508.aspx
The following issues occur on Web sites that do not use the recommended techniques.

Note All these issues are resolved by using the techniques that are described on the MSDN Web site.
  • Scrolling
    When you use the mouse wheel to scroll through a page that contains an interactive control, the control may not be displayed correctly. This issue is resolved in security update 912812 for Internet Explorer.
  • Abstract Window Toolkit
    Access violations have been reported with Java programs that use Abstract Window Toolkit (AWT) classes in the user interface. This issue is resolved in security update 912812 for Internet Explorer.
  • Transparent Flash
    A full-page ad disappears. However, the focus rectangle remains. In this situation, the control is still there. However, it is transparent. Therefore, the associated overlay window remains on the page.
  • DHTML menus
    When a DHTML menu is expanded, the menu may appear on top of an ActiveX control. If you click the menu in this situation, you enable the control instead of gaining access to the DHTML menu. The overlay window has the highest z-order. Therefore, this window receives the mouse-click message.
  • Controls that prompt before they are loaded
    When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
  • CSS attributes on controls
    Controls that are hidden or that have a display-mode setting of None, but that do have size dimensions, display the focus rectangle when you move the pointer over them.
    This issue is resolved in security update 916281 for Internet Explorer.


The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Properties

Article ID: 912945 - Last Review: November 30, 2012 - Revision: 16.0
Applies to
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows XP Professional x64 Edition
Keywords: 
kbresolve kbwebbrowser kbactivexscript kbonline kbexpertiseadvanced kbhowto kbfaq KB912945

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com