MS08-008: Description of the security update for Microsoft Visual Basic 6.0: February 12, 2008

This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released security bulletin MS08-008. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

Important change in this update

Since Visual Basic 6.0 Service Pack 6 (SP6), the Visual Basic Package and Deployment Wizard obtains the Oleaut32.dll file from the following location:
[VB Installation Dir]\Wizards\PDWizard\Redist\
This folder contained a single copy of Oleaut32.dll, which could be used by software vendors and developers for all the operating systems that are supported by Visual Basic 6.

This security update contains multiple, operating system specific versions of the Oleaut32.dll file. The security update creates new folders under the previous Redist folder. The operating system specific versions of Oleaut32.dll are copied to these folders as follows:
Operating system Folder
Windows NT 4 [VB Installation Dir]\Wizards\PDWizard\Redist\NT4\
Windows NT 4 Terminal Server [VB Installation Dir]\Wizards\PDWizard\Redist\NT4TS\
Windows 2000 [VB Installation Dir]\Wizards\PDWizard\Redist\Win2000\
Windows Server 2003 [VB Installation Dir]\Wizards\PDWizard\Redist\WinServer2003\
Windows Server 2003 SP1 [VB Installation Dir]\Wizards\PDWizard\Redist\WinServer2003SP1\
Windows Server 2003 SP2 [VB Installation Dir]\Wizards\PDWizard\Redist\WinServer2003SP2\
Windows XP SP1 [VB Installation Dir]\Wizards\PDWizard\Redist\WinXPSP1\
Windows XP SP2 [VB Installation Dir]\Wizards\PDWizard\Redist\WinXPSP2\
Windows Vista [VB Installation Dir]\Wizards\PDWizard\Redist\Vista\
Note If you have previously installed security update 924053, you already have multiple versions of Oleaut32.dll installed. In that case the only change is newer versions of the various binaries for the different operating systems. Security update 924053 is described in security bulletin MS07-043. For more information about security update 924053, click the following article number to view the article in the Microsoft Knowledge Base:
924053MS07-043: Description of security update for the Visual Basic 6.0 redistributable

Frequently asked questions (FAQ) about this update

Q1: I am a software vendor and I package and redistribute Oleaut32.dll with my application. What does this change mean for me?

A1: The change in the way that Oleaut32.dll is not shipped means that if you are a software vendor and you have to package and redistribute Oleaut32.dll in your applications, you cannot ship a single file for all target operating systems your application will run on. You will have to ship a different version of Oleaut32.dll based on the target operating system your package will be installed on.

Note We recommend that you do not obtain the copy of Oleaut32.dll from your \System32\ folder. That version has been tested to work only on that particular operating system.

For example, if the computer for which you are developing and packaging your application is running Windows XP, and you obtain the copy of Oleaut32.dll from your \System32 folder, your application will not run on anything other than Windows XP. For example, your application will not run on Windows Server 2003. Therefore, we strongly recommended that you use the following process when you package and bundle Oleaut32.dll for redistribution with your application:
  • Identify the version of the operating system(s) your application will run on.
  • Decide whether you want to build multiple packages and setups for all targeted operating systems or one single package that addresses all operating systems.
  • If you want to build multiple packages and setups for your application one per target operating system:
    • Each package and setup has to bundle up the correct version of Oleaut32.dll. The folder from which you obtain the file is decided by the operating system the particular package and setup is built for.
    • Make sure that the package detects the operating system at installation time and installs only when the correct operating system is detected
  • If you want to build a single package and setup for your application for all operating systems:
    • The package setup has to bundle all the different versions of Oleaut32.dll
    • During installation, the package and setup have to detect the targeted operating system and choose the correct copy of Oleaut32.dll to be installed.
Visual Basic VB 6.0 946235 oleaut32.dll security update patch bug flaw vulnerability malicious attacker exploit WinNT Win2000 Win2003 WinXP Vista

Article ID: 946235 - Last Review: 01/16/2015 09:33:00 - Revision: 5.0

  • Microsoft Visual Basic 6.0 Professional Edition
  • Microsoft Visual Basic 6.0 Enterprise Edition
  • kbnosurvey kbarchive kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix KB946235