Important changes in this security update
In versions of Microsoft Visual Basic 6.0 later than Visual Basic 6.0 Service Pack 6.0 (SP6), the Visual Basic Package and Deployment Wizard obtains the Oleaut32.dll file from the following location:
This folder contains a single copy of the Oleaut32.dll file. This file can be used by software vendors and developers for all operating systems that are supported by Visual Basic 6.0.
This security update contains multiple operating system-specific versions of the Oleaut32.dll file. The security update creates new folders under the original Redist folder. The operating system-specific versions of the Oleaut32.dll file are copied to these folders as shown in the following table:
|Windows Server 2003||VisualBasic_Installation_Folder\Wizards\PDWizard\Redist\WinServer2003|
|Windows Server 2003 SP1||VisualBasic_Installation_Folder\Wizards\PDWizard\Redist\WinServer2003SP1|
|Windows XP SP2||VisualBasic_Installation_Folder\Wizards\PDWizard\Redist\WinXPSP2|
|Windows NT 4.0||VisualBasic_Installation_Folder\Wizards\PDWizard\Redist\NT4|
|Windows NT 4.0 Terminal Server||VisualBasic_Installation_Folder\Wizards\PDWizard\Redist\NT4TS|
What these changes mean for software vendors who package and redistribute the Oleaut32.dll file together with an application
The change in how the Oleaut32.dll file is shipped has the following results. If you are a software vendor who packages and redistributes the Oleaut32.dll file in an application, you cannot ship a single file for all the destination operating systems on which the application runs. Instead, you must ship the version of the Oleaut32.dll file that is appropriate for the particular operating system on which the package will be installed.Note
We recommend that you do not select only the copy of the Oleaut32.dll file that is located in the %WINDIR%\System32 folder. We recommend this because the version that is located in this folder has been tested for use only with the particular operating system.
For example, if you use a Windows XP-based computer to develop and package the application, and if you select the copy of the Oleaut32.dll file that is located in the %WINDIR% \System32 folder on this computer, the application will not run on any operating system other than Windows XP. For example, the application will not run on a Windows Server 2003-based computer.
Therefore, we recommended that you use the following process when you package and bundle the Oleaut32.dll file for redistribution together with an application:
- Determine the operating systems on which the application must run.
- Decide which of the following options you prefer:
- Build separate packages or Setup programs for each destination operating system
- Build a single package or Setup program to handle all the destination operating systems
- If you want to build separate packages or Setup programs for each destination operating system, use the following guidelines:
- Each package or Setup program must bundle the correct version of the Oleaut32.dll file. The folder from which you select the file is decided by the operating system for which the particular package or Setup program is built.
- The package must detect the operating system during the package installation. Additionally, the package must install only when the correct operating system is detected.
- If you want to build a single package or Setup program to handle all destination operating systems, use the following guidelines:
- The package or Setup program must bundle all the different versions of the Oleaut32.dll file.
- During installation, the package or Setup program must detect the destination operating system. Additionally, the package or Setup program must select the correct copy of the Oleaut32.dll file to install.
Update removal information
Updates for Visual Basic 6.0 use the IExpress Microsoft Windows installer. Therefore, these updates cannot be removed.
Command-line switches that are supported by this update
Information about the various command-line switches that are supported by this update is available in the security bulletin that is mentioned in the "Introduction" section.For more information about these command-line switches, click the following article number to view the article in the Microsoft Knowledge Base:
Command-line switches for IExpress software update packages
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000 Visual Basic VB 6.0 oleaut32.dll security update patch bug flaw vulnerability malicious attacker exploit registry WinNT Win2000 Win2003 WinXP !error