FIX: Object Access Error from WebBrowser Control with "Frames Spoof" Fix

This article was previously published under Q214554
This article has been archived. It is offered "as is" and will no longer be updated.
The following error message appears when a Visual Basic application or UserControl hosting a WebBrowser Control attempts to access frames inside a hosted HTML page:
ERROR 424 "Object Required"
This problem occurs only on computers that have had the Frames Spoof patch installed.
After you install the Frames Spoof fix, Internet Explorer prevents programs from scripting across frames, even within the same domain, when hosting the WebBrowser control.
Currently there is no recommended workaround for this bug. Developers should warn their users not to install this Frame Spoof fix if their applications are scripting across frames.
Microsoft has confirmed that this is a bug in the Frames Spoof patch. This bug was corrected in Microsoft Internet Explorer 5. It was also corrected in Internet Explorer 4.01 Service Pack 2.
More information
After you apply the Frames Spoof patch, code that worked previously and that refers to cross-frames elements with a WebBrowser Control will not work as expected.

In this Frames Spoof patch, an updated version of Mshtml.dll (version 4.72.3612.1700) is installed. This updated version of Mshtml.dll prevents programs from referencing cross-frames elements even within the same domain.

A program could access the length of the frame collections; however, if it tries to access the properties or methods of the individual frame, it returns empty instead of the object. The error message mentioned above occurs.

However, if the code does not involve any frames, accessing the DHTML document is not affected.

Also, this patch does not affect scripting inside HTML pages. If you reference an element in another frame using scripts in an Active Server Pages (.asp) or an HTML (.htm) file, your script should work as expected even with the Frame Spoof patch. Only hosts of the WebBrowser control are affected.

Other Information

Since the nature of this Frame Spoof vulnerability is applied to many software versions, this problem might occur in other software versions if this Frame Spoof fix is applied. However, except for the versions that are mentioned above, other platforms are not being tested to confirm with this problem.

The following software versions may be affected by this bug if the Frame Spoof fix is applied:
  • Microsoft Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1 for Windows 95
  • Microsoft Internet Explorer versions 4.01 Service Pack 1 for Windows 98
  • Microsoft Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1 for Windows NT 4.0
  • Microsoft Internet Explorer versions 4.0, 4.01 for Windows 3.1
  • Microsoft Internet Explorer versions 4.0, 4.01 for Windows NT 3.51
The following platforms should not be affected by this bug because the Frame Spoof fix is not currently available for these platforms:
  • Microsoft Internet Explorer versions 3.X, 4.X for Macintosh
  • Microsoft Internet Explorer version 4 for UNIX on HPUX
  • Microsoft Internet Explorer version 4 for UNIX on Sun Solaris
For more information on where to obtain the Frame Spoof fix, please see the following Microsoft Web sites:
167614 Update Available For "Frame Spoof" Security Issue
Error 424 script cross-frame DHTML WebBrowser

Article ID: 214554 - Last Review: 10/26/2013 12:15:00 - Revision: 2.0

Microsoft Internet Explorer 4.01 Service Pack 1

  • kbnosurvey kbarchive kbbug kbdhtml kbfix kbie500fix kbinetdev kbsecbulletin kbsecurity kbwebbrowser KB214554
ERROR: at System.Diagnostics.Process.Kill() at Microsoft.Support.SEOInfrastructureService.PhantomJS.PhantomJSRunner.WaitForExit(Process process, Int32 waitTime, StringBuilder dataBuilder, Boolean isTotalProcessTimeout)