Microsoft KB Archive/241361

= Update Available for Vulnerabilities in ActiveX Controls Issue =

Article ID: 241361

Article Last Modified on 1/25/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 4.0 128-Bit Edition

-



This article was previously published under Q241361



SUMMARY
Microsoft has released an update to Internet Explorer that addresses a potential security vulnerability that may be posed by several ActiveX controls that are included with Internet Explorer 4.x and 5.



MORE INFORMATION
This problem in resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem.

For additional information about how to determine which version of Internet Explorer you are using, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.5 Service Pack

For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

When this problem occurs, the ActiveX controls at issue are incorrectly marked as "safe for scripting." The "safe for scripting" denotation indicates that a control is verifiably unable to take harmful action on a user's computer, and can be safely called from a Web site without asking the user's permission. However, these controls should not have been marked as "safe for scripting," because they can take action that could be misused to cause harm. The following list describe these controls:
 * Kodak Image Edit: Wang Imaging
 * Kodak Image Annotation: Wang Imaging
 * Kodak Image Scan: Wang Imaging
 * Kodak Thumbnail Image: Wang Imaging
 * Wang Image Admin: Wang Imaging
 * HHOpen: HTML help files
 * Registration Wizard: Internet Explorer Product Registration
 * IE Active Setup: Internet Explorer Setup

Internet Explorer 5.01 and later versions prevent these unsafe ActiveX controls from running in Internet Explorer by setting the "kill bit" for each control. The kill bit is a flag that prevents Web sites from being able to load and run a particular ActiveX control. For additional information about the kill bit, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to Stop an ActiveX Control from Running in Internet Explorer

