Microsoft KB Archive/922659

= An ActiveX control may be downloaded two times when you visit a Web page that includes the control in Internet Explorer 6 =

Article ID: 922659

Article Last Modified on 2/7/2007

-

APPLIES TO

 Microsoft Internet Explorer 6.0, when used with:  Microsoft Windows XP Service Pack 2

 Microsoft Windows XP Service Pack 2

 Microsoft Windows Server 2003 Service Pack 1 

-

<div class="notice_section">

<div class="summary_section">

INTRODUCTION
Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows Server 2003 Service Pack 1 (SP1) add a new feature to Microsoft Internet Explorer 6: the information bar. The information bar is a gold bar that appears just under the address bar. The information bar provides information about downloads, blocked pop-up windows, potential security risks, and other activities. The information bar feature includes the ActiveX control auto-blocking feature. This feature uses the information bar to ask you whether you want to install an ActiveX control. Under certain conditions, an ActiveX control may be downloaded two times when you visit a Web page that includes the control.

<div class="moreinformation_section">

MORE INFORMATION
When you visit a Web page that requires an ActiveX control, Internet Explorer downloads the ActiveX control before the information bar is loaded. However, Internet Explorer does not store the control in the system cache at this point. Instead, the ActiveX control auto-blocking feature asks whether you want to install the ActiveX control. If you want to install the control, Internet Explorer downloads the control again, and then prompts you to install it.

The ActiveX control must be downloaded so that Internet Explorer can verify that the control's signature is valid and that the control is not blocked. Internet Explorer must also obtain the publisher's name to display in the information bar. Internet Explorer cannot ask whether you want to install the control until it finishes these tasks.

The ActiveX control auto-blocking feature helps keep the computer secure by deleting the ActiveX control if it cannot be processed correctly. This procedure helps prevent malicious users from downloading executable content to the computer and running the content from the cache. If a control is blocked, trust verification for the control cannot be completed. Therefore, the control is deleted.

By default, the ActiveX control auto-blocking feature removes an ActiveX control from the computer. An ActiveX control may be downloaded any number of times. However, the typical ActiveX control is either small or can be implemented as an installation stub that downloads the complete ActiveX control when it is run.

To work around this behavior so that an ActiveX control is not downloaded from a Web site two times, you can add the Web site to the trusted zone in Internet Explorer.

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

For more information about how to add a Web site to a security zone, visit the following Microsoft Web sites:
 * To assign a Web site to a security zone

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sec_asyn.mspx?mfr=true
 * Improve the safety of your browsing and e-mail activities

http://www.microsoft.com/athome/security/online/browsing_safety.mspx
 * Setting up security zones

http://www.microsoft.com/windows/ie/ie6/using/howto/security/setup.mspx

For more information about security zones, click the following article number to view the article in the Microsoft Knowledge Base:

174360 How to use security zones in Internet Explorer

Keywords: kbtshoot kbsecvulnerability kbwebbrowser kbinfo KB922659

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.