Update Available for Scriptlet.Typelib and Eyedog Security Vulnerability and the BubbleBoy Virus (240308)

MORE INFORMATION

The update eliminates a vulnerability that may allow a malicious Web site operator to take inappropriate actions on your computer. The update is available on both of the following Microsoft Web sites: The Scriptlet.Typelib and Eyedog controls are not related to each other, but both are incorrectly marked as "safe for scripting" and can therefore be called from Internet Explorer.

Developers use the Scriptlet.Typelib control to generate Type Libraries for Windows Scripting Components. The Scriptlet.Typelib control should not be marked "safe for scripting" because it allows local files to be created or modified. The update removes the "safe for scripting" setting, which causes Internet Explorer to prompt you for confirmation before loading the control.

The Eyedog control is used by diagnostic software in Windows. The Eyedog control should not be marked "safe for scripting" because it allows registry information to be queried and computer characteristics to be gathered. In addition, one of the control's methods is vulnerable to a buffer overrun attack. The update prevents the control from loading within Internet Explorer.

The BubbleBoy virus, an Internet worm virus, is a virus that requires Internet Explorer 5 and Microsoft Outlook 2000 or Microsoft Outlook 98 or Microsoft Outlook Express. This virus can be embedded in e-mail messages that are in Hypertext Markup Language (HTML) format and that do not contain any attachments. The update that is described in this article eliminates the security vulnerabilities in the two ActiveX controls; this update prevents the BubbleBoy virus from spreading.

For additional security-related information about Microsoft products, view the following Microsoft Web site: NOTE: This update is included with Internet Explorer 5.01 and later.