Update Available for Vulnerabilities in ActiveX Controls Issue

ID: Q241361

The information in this article applies to:
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows 95
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows NT 4.0
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows 98
  • Microsoft Windows 98 Second Edition

SUMMARY

Microsoft has released an update to Internet Explorer that addresses a potential security vulnerability posed by several ActiveX controls that are included with Internet Explorer 4.x and 5.

NOTE: This problem is resolved in Microsoft Internet Explorer 5.01.


MORE INFORMATION

To obtain the update for the vulnerabilities in ActiveX controls issue, download and install the appropriate Q241361.exe file for your computer from the following Microsoft Web site:

http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm
After you install the update for the vulnerabilities in ActiveX controls issue, "Q241361" is added to the Update Versions line when you click About Internet Explorer on the Help menu in Internet Explorer.

NOTE: The Q241361.exe file also contains the previously released updates to address the "Legacy ActiveX Control" issue and ImportExportFavorites issue. For additional information about these updates, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q231452 Update Available for "Legacy ActiveX Control" Issue
Q241362 Update Available for ImportExportFavorites Issue
For more information, please see the following Microsoft Security Bulletin:
http://www.microsoft.com/security/bulletins/MS99-037.asp
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/
Updates are available for the following products:
  • Internet Explorer 4.01 Service Pack 2 for Windows 95, Windows 98, and Windows NT 4.0 (x86 and Alpha platforms)


  • Internet Explorer 5 for Windows 95, Windows 98, and Windows NT 4.0 (x86 and Alpha platforms)


NOTE: If you are running Internet Explorer 4.0, 4.01, or 4.01 Service Pack 1, Microsoft recommends that you upgrade to Internet Explorer 5 or Internet Explorer 4.01 Service Pack 2 and apply this update. You can obtain Internet Explorer 5 or Internet Explorer 4.01 Service Pack 2 from either of the following Microsoft Web sites:
http://www.microsoft.com/windows/ie/download/windows.htm
http://windowsupdate.microsoft.com
The update addresses potential security issues within several ActiveX controls. These ActiveX controls are incorrectly marked as "safe for scripting" and can therefore be called from Internet Explorer. A Web site could make use of these controls to perform malicious activities. This update prevents the following ActiveX controls from being used by a script on a Web page:
  • Internet Explorer Active Setup: Internet Explorer Setup
  • HHOpen: HTML help files
  • Registration Wizard: Internet Explorer Product Registration
  • Wang Image Admin: Wang Imaging
  • Kodak Image Edit: Wang Imaging
  • Kodak Image Annotation: Wang Imaging
  • Kodak Image Scan: Wang Imaging
  • Kodak Thumbnail Image: Wang Imaging
For additional informationabout stopping an ActiveX control from running in Internet Explorer, click the article number below to view the article in the Microsoft Knowledge Base:
Q240797 How to Stop an ActiveX Control from Running in Internet Explorer

Additional query words:

Keywords : msiew95 msient msiew98
Version : WINDOWS:4.01 Service Pack 2,5
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: November 25, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.