You are currently offline, waiting for your internet to reconnect

A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
SYMPTOMS
After you install cumulative security update 896688 (MS05-052), a Web page that contains a custom Microsoft ActiveX control does not load as expected in the products that are listed in the "Applies To" section.

This issue occurs when the Web page that contains the ActiveX control is located in the Internet zone. If the Web page is in the intranet zone or is a Trusted site, the ActiveX control loads as expected.
CAUSE
Security update MS05-052 introduces additional checks before a Microsoft Component Object Model (COM) object can run in Microsoft Internet Explorer. The intent of this change is to prevent COM objects that were not designed to be instantiated in Internet Explorer from being instantiated in Internet Explorer. One of the checks that is introduced with MS05-052 is that Internet Explorer now checks for the IObjectSafety interface for ActiveX controls in the Internet zone before a COM object can run in Internet Explorer.
RESOLUTION
To resolve this issue, recompile the ActiveX control. Then, mark the control as safe for scripting and safe for initialization when the control is run in the context of an Internet browser.

For more information about how to mark an MFC ActiveX control as safe for scripting and initialization, click the following article number to view the article in the Microsoft Knowledge Base:
161873 How to mark MFC ActiveX controls as Safe for Scripting and Initialization
WORKAROUND
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.

Note Always back up the metabase before you edit it.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


To work around this issue, use one of the following methods:

Set the safe for scripting and safe for initialization value in the registry

If you cannot recompile the ActiveX control, but the control developer classifies the ActiveX control as safe for scripting and safe for initialization, you can use one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • {7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • {7DD95802-9882-11CF-9FA9-00AA006C42C4}
For example, if the CLSID for the ActiveX control is {A697E83F-3B53-11D1-8AE4-006097ED2008}, you can add one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Move the Web site to a different zone

If the Web site can be trusted, you can move the Web site to a more trusted zone. For more information about how to add a Web site to a security zone, visit the following Microsoft Web site:

Set the ActiveX compatibility value in the registry

You can set the ActiveX compatibility flag in the registry. To do this, follow these steps:
  1. Click Start, click Run, type Regedit.exe, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility
  3. Right-click ActiveX Compatibility, point to New, click Key, type the CLSID for the ActiveX control, and then press ENTER.
  4. Right-click the key that you created in step 3, point to New, and then click DWORD Value.
  5. Type Compatibility Flags, and then press ENTER.
  6. Right-click Compatibility Flags, and then click Modify.
  7. In the Value data box, type 00800000, and then click OK.
  8. Quit Registry Editor.
REFERENCES
For more information about cumulative security update MS05-052, click the following article number to view the article in the Microsoft Knowledge Base:
896688 MS05-052: Cumulative security update for Internet Explorer
For more information about the IObjectSafety interface, visit the following Microsoft Developer Network (MSDN) Web site:
ms05-052 safe IObjectSafety initialize internet intranet zone trusted
Properties

Article ID: 909738 - Last Review: 10/11/2007 02:37:45 - Revision: 2.9

Microsoft Internet Explorer 6.0 SP1, Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 5.01 SP4

  • kbactivexscript kbinetdev kbtshoot kbprb KB909738
Feedback