Help and Support
 

powered byLive Search

Update Available for Vulnerabilities in ActiveX Controls Issue

View products that this article applies to.
Article ID:241361
Last Review:January 25, 2007
Revision:4.1
This article was previously published under Q241361

SUMMARY

Microsoft has released an update to Internet Explorer that addresses a potential security vulnerability that may be posed by several ActiveX controls that are included with Internet Explorer 4.x and 5.

Back to the top

MORE INFORMATION

This problem in resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem.

For additional information about how to determine which version of Internet Explorer you are using, click the following article number to view the article in the Microsoft Knowledge Base:
164539 (http://support.microsoft.com/kb/164539/EN-US/) How to Determine Which Version of Internet Explorer Is Installed
For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:
267954 (http://support.microsoft.com/kb/267954/EN-US/) How to Obtain the Latest Internet Explorer 5.5 Service Pack
For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:
328548 (http://support.microsoft.com/kb/328548/EN-US/) How to Obtain the Latest Internet Explorer 6 Service Pack
When this problem occurs, the ActiveX controls at issue are incorrectly marked as "safe for scripting." The "safe for scripting" denotation indicates that a control is verifiably unable to take harmful action on a user's computer, and can be safely called from a Web site without asking the user's permission. However, these controls should not have been marked as "safe for scripting," because they can take action that could be misused to cause harm. The following list describe these controls:
Kodak Image Edit: Wang Imaging
Kodak Image Annotation: Wang Imaging
Kodak Image Scan: Wang Imaging
Kodak Thumbnail Image: Wang Imaging
Wang Image Admin: Wang Imaging
HHOpen: HTML help files
Registration Wizard: Internet Explorer Product Registration
IE Active Setup: Internet Explorer Setup
Internet Explorer 5.01 and later versions prevent these unsafe ActiveX controls from running in Internet Explorer by setting the "kill bit" for each control. The kill bit is a flag that prevents Web sites from being able to load and run a particular ActiveX control. For additional information about the kill bit, click the following article number to view the article in the Microsoft Knowledge Base:
240797 (http://support.microsoft.com/kb/240797/EN-US/) How to Stop an ActiveX Control from Running in Internet Explorer

Back to the top

REFERENCES

http://www.microsoft.com/TechNet/security/bulletin/ms99-037.asp (http://www.microsoft.com/TechNet/security/bulletin/ms99-037.asp)

Back to the top

APPLIES TO
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 4.01 Service Pack 2
Microsoft Internet Explorer 4.01 128-Bit Edition
Microsoft Internet Explorer 4.01 Service Pack 1
Microsoft Internet Explorer 4.0 128-Bit Edition

Back to the top

Keywords: 
kbinfo KB241361

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.