Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)


View products that this article applies to.

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

↑ Back to the top


Symptoms

After you install cumulative security update 896688 (MS05-052), a Web page that contains a custom Microsoft ActiveX control does not load as expected in the products that are listed in the "Applies To" section.

This issue occurs when the Web page that contains the ActiveX control is located in the Internet zone. If the Web page is in the intranet zone or is a Trusted site, the ActiveX control loads as expected.

↑ Back to the top


Cause

Security update MS05-052 introduces additional checks before a Microsoft Component Object Model (COM) object can run in Microsoft Internet Explorer. The intent of this change is to prevent COM objects that were not designed to be instantiated in Internet Explorer from being instantiated in Internet Explorer. One of the checks that is introduced with MS05-052 is that Internet Explorer now checks for the IObjectSafety interface for ActiveX controls in the Internet zone before a COM object can run in Internet Explorer.

↑ Back to the top


Resolution

To resolve this issue, recompile the ActiveX control. Then, mark the control as safe for scripting and safe for initialization when the control is run in the context of an Internet browser.

For more information about how to mark an MFC ActiveX control as safe for scripting and initialization, click the following article number to view the article in the Microsoft Knowledge Base:
161873 How to mark MFC ActiveX controls as Safe for Scripting and Initialization

↑ Back to the top


Workaround

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Warning If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.

Note Always back up the metabase before you edit it.


Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


To work around this issue, use one of the following methods:

Set the safe for scripting and safe for initialization value in the registry

If you cannot recompile the ActiveX control, but the control developer classifies the ActiveX control as safe for scripting and safe for initialization, you can use one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • {7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • {7DD95802-9882-11CF-9FA9-00AA006C42C4}
For example, if the CLSID for the ActiveX control is {A697E83F-3B53-11D1-8AE4-006097ED2008}, you can add one of the following registry values to mark the ActiveX control as safe for scripting and safe for initialization:
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
  • HKEY_CLASSES_ROOT\CLSID\{A697E83F-3B53-11D1-8AE4-006097ED2008}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Move the Web site to a different zone

If the Web site can be trusted, you can move the Web site to a more trusted zone. For more information about how to add a Web site to a security zone, visit the following Microsoft Web site:

Set the ActiveX compatibility value in the registry

You can set the ActiveX compatibility flag in the registry. To do this, follow these steps:
  1. Click Start, click Run, type Regedit.exe, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility
  3. Right-click ActiveX Compatibility, point to New, click Key, type the CLSID for the ActiveX control, and then press ENTER.
  4. Right-click the key that you created in step 3, point to
    New, and then click DWORD Value.
  5. Type Compatibility Flags, and then press ENTER.
  6. Right-click Compatibility Flags, and then click Modify.
  7. In the Value data box, type
    00800000, and then click OK.
  8. Quit Registry Editor.

↑ Back to the top


References

For more information about cumulative security update MS05-052, click the following article number to view the article in the Microsoft Knowledge Base:
896688 MS05-052: Cumulative security update for Internet Explorer

For more information about the IObjectSafety interface, visit the following Microsoft Developer Network (MSDN) Web site:

↑ Back to the top


Keywords: kbactivexscript, kbentirenet, kbinetdev, kbtshoot, kbprb, kb

↑ Back to the top

Article Info
Article ID : 909738
Revision : 4
Created on : 8/1/2019
Published on : 8/1/2019
Exists online : False
Views : 863