Microsoft KB Archive/924053

= MS07-043: Description of security update for the Visual Basic 6.0 redistributable =

Article ID: 924053

Article Last Modified on 12/3/2007

-

APPLIES TO

 Windows Vista Business Windows Vista Enterprise Windows Vista Home Basic Windows Vista Home Premium Windows Vista Ultimate Windows Vista Enterprise 64-bit Edition Windows Vista Home Basic 64-bit Edition Windows Vista Home Premium 64-bit Edition</li> Windows Vista Ultimate 64-bit Edition</li> Windows Vista Starter</li> Windows Vista Business 64-bit Edition</li> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Standard x64 Edition</li> Microsoft Windows Server 2003, Enterprise x64 Edition</li> Microsoft Windows Server 2003, Datacenter x64 Edition</li> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li> Microsoft Windows Server 2003 Service Pack 1, when used with: <ul> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

<ul> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul> </li> <li>Microsoft Windows Small Business Server 2003 Premium Edition</li> <li>Microsoft Windows Small Business Server 2003 Standard Edition</li> <li>Microsoft Windows Small Business Server 2003, Standard Edition Service Pack 1 (SP1), when used with: <ul> <li>Microsoft Windows Small Business Server 2003 Premium Edition</li></ul>

<ul> <li>Microsoft Windows Small Business Server 2003 Standard Edition</li></ul> </li> <li>Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)</li> <li>Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)</li> <li>Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)</li> <li>Microsoft Windows Server 2003 R2 Standard x64 Edition</li> <li>Microsoft Windows Server 2003 R2 Enterprise x64 Edition</li> <li>Microsoft Windows Server 2003 R2 Datacenter x64 Edition</li> <li>Microsoft Windows XP Tablet PC Edition 2005</li> <li>Microsoft Windows XP Media Center Edition 2005</li> <li>Microsoft Windows XP Service Pack 2, when used with: <ul> <li>Microsoft Windows XP Professional</li></ul>

<ul> <li>Microsoft Windows XP Home Edition</li></ul> </li> <li>Microsoft Windows XP Professional x64 Edition</li> <li>Microsoft Windows 2000 Service Pack 4, when used with: <ul> <li>Microsoft Small Business Server 2000 Standard Edition</li></ul> </li> <li>Microsoft Windows 2000 Advanced Server</li> <li>Microsoft Windows 2000 Datacenter Server</li> <li>Microsoft Windows 2000 Professional Edition</li> <li>Microsoft Windows 2000 Service Pack 4</li> <li>Microsoft Visual Basic 6.0 Enterprise Edition</li> <li>Microsoft Visual Basic 6.0 Professional Edition</li> <li>Microsoft Visual Basic 6.0 Learning Edition</li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-043. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-043.mspx

</li></ul>

<div class="moreinformation_section">

Important changes in this security update
In versions of Microsoft Visual Basic 6.0 later than Visual Basic 6.0 Service Pack 6.0 (SP6), the Visual Basic Package and Deployment Wizard obtains the Oleaut32.dll file from the following location:

\Wizards\PDWizard\Redist

This folder contains a single copy of the Oleaut32.dll file. This file can be used by software vendors and developers for all operating systems that are supported by Visual Basic 6.0.

This security update contains multiple operating system-specific versions of the Oleaut32.dll file. The security update creates new folders under the original Redist folder. The operating system-specific versions of the Oleaut32.dll file are copied to these folders as shown in the following table:

What these changes mean for software vendors who package and redistribute the Oleaut32.dll file together with an application
The change in how the Oleaut32.dll file is shipped has the following results. If you are a software vendor who packages and redistributes the Oleaut32.dll file in an application, you cannot ship a single file for all the destination operating systems on which the application runs. Instead, you must ship the version of the Oleaut32.dll file that is appropriate for the particular operating system on which the package will be installed.

Note We recommend that you do not select only the copy of the Oleaut32.dll file that is located in the %WINDIR%\System32 folder. We recommend this because the version that is located in this folder has been tested for use only with the particular operating system.

For example, if you use a Windows XP-based computer to develop and package the application, and if you select the copy of the Oleaut32.dll file that is located in the %WINDIR% \System32 folder on this computer, the application will not run on any operating system other than Windows XP. For example, the application will not run on a Windows Server 2003-based computer.

Therefore, we recommended that you use the following process when you package and bundle the Oleaut32.dll file for redistribution together with an application:
 * 1) Determine the operating systems on which the application must run.
 * 2) Decide which of the following options you prefer:
 * 3) * Build separate packages or Setup programs for each destination operating system
 * 4) * Build a single package or Setup program to handle all the destination operating systems
 * 5) If you want to build separate packages or Setup programs for each destination operating system, use the following guidelines:
 * 6) * Each package or Setup program must bundle the correct version of the Oleaut32.dll file. The folder from which you select the file is decided by the operating system for which the particular package or Setup program is built.
 * 7) * The package must detect the operating system during the package installation. Additionally, the package must install only when the correct operating system is detected.
 * 8) If you want to build a single package or Setup program to handle all destination operating systems, use the following guidelines:
 * 9) * The package or Setup program must bundle all the different versions of the Oleaut32.dll file.
 * 10) * During installation, the package or Setup program must detect the destination operating system. Additionally, the package or Setup program must select the correct copy of the Oleaut32.dll file to install.

Update removal information
Updates for Visual Basic 6.0 use the IExpress Microsoft Windows installer. Therefore, these updates cannot be removed.

Command-line switches that are supported by this update
Information about the various command-line switches that are supported by this update is available in the security bulletin that is mentioned in the &quot;Introduction&quot; section. For more information about these command-line switches, click the following article number to view the article in the Microsoft Knowledge Base:

197147 Command-line switches for IExpress software update packages

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000 Visual Basic VB 6.0 oleaut32.dll security update patch bug flaw vulnerability malicious attacker exploit registry WinNT Win2000 Win2003 WinXP !error

Keywords: kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc KB924053

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.