Update Available for "Legacy ActiveX Control" Issue (231452)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0
  • Microsoft Internet Explorer 4.0 for Windows NT 4.0
  • Microsoft Internet Explorer 3.02 for Windows NT 4.0
  • Microsoft Internet Explorer 3.01 for Windows NT 4.0
  • Microsoft Internet Explorer 3.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 2
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 98
  • Microsoft Internet Explorer 4.0 for Windows 98
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 2
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 95
  • Microsoft Internet Explorer 4.0 for Windows 95
  • Microsoft Internet Explorer 3.02 for Windows 95
  • Microsoft Internet Explorer 3.01 for Windows 95
  • Microsoft Internet Explorer 3.0 for Windows 95
This article was previously published under Q231452
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

A potential security vulnerability has been found in the Preloader ActiveX control. This control could be used by a malicious Web site administrator to obtain a list of files from your local hard disk. This control has been removed from the Microsoft Web site, and updates are available that prevent this control from running in Internet Explorer. For more information about this issue, visit the following Microsoft Web site:

http://www.microsoft.com/TechNet/security/bulletin/ms99-018.asp

MORE INFORMATION

This problem is resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem. For additional information about how to determine the version of Internet Explorer that is installed on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.5 Service Pack

For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To verify that you are not vulnerable to this security issue, follow these steps:
  1. Use Registry Editor to locate and then click the following key in the Windows registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\

  2. Make sure that the {16E349E0-702C-11CF-A3A9-00A0C9034920} key exists under the ActiveX Compatibility key. If the {16E349E0-702C-11CF-A3A9-00A0C9034920} key does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click Key.
    2. Type {16E349E0-702C-11CF-A3A9-00A0C9034920}, and then press ENTER.
  3. Click the {16E349E0-702C-11CF-A3A9-00A0C9034920} key, and then in the right pane, make sure that the Compatibility Flags registry value exists. If the Compatibility Flags value does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click Binary (Windows 95 or Windows 98) or DWORD Value (Windows NT 4.0).
    2. Type Compatibility Flags, and then press ENTER.
  4. In the right pane, double-click the Compatibility Flags value, and then make sure that the setting for the value is either 00,04,00,00 (Windows 95 or Windows 98) or 0x00,04,00,00 (Windows NT 4.0).
If the {16E349E0-702C-11CF-A3A9-00A0C9034920} key does not exist, if the Compatibility Flags value does not exist, or if the Compatibility Flags value is not set to 00,04,00,00 (Windows 95 or Windows 98) or 0x00,04,00,00 (Windows NT 4.0), you may be vulnerable to the Legacy ActiveX control issue.
Modification Type:MajorLast Reviewed:10/13/2003
Keywords:kbenv kbprb KB231452
©2003 Microsoft Corporation. All rights reserved.