Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

An ActiveX control may be downloaded two times when you visit a Web page that includes the control in Internet Explorer 6

View products that this article applies to.


Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows Server 2003 Service Pack 1 (SP1) add a new feature to Microsoft Internet Explorer 6: the information bar. The information bar is a gold bar that appears just under the address bar. The information bar provides information about downloads, blocked pop-up windows, potential security risks, and other activities. The information bar feature includes the ActiveX control auto-blocking feature. This feature uses the information bar to ask you whether you want to install an ActiveX control. Under certain conditions, an ActiveX control may be downloaded two times when you visit a Web page that includes the control.

↑ Back to the top

More information

When you visit a Web page that requires an ActiveX control, Internet Explorer downloads the ActiveX control before the information bar is loaded. However, Internet Explorer does not store the control in the system cache at this point. Instead, the ActiveX control auto-blocking feature asks whether you want to install the ActiveX control. If you want to install the control, Internet Explorer downloads the control again, and then prompts you to install it.

The ActiveX control must be downloaded so that Internet Explorer can verify that the control's signature is valid and that the control is not blocked. Internet Explorer must also obtain the publisher's name to display in the information bar. Internet Explorer cannot ask whether you want to install the control until it finishes these tasks.

The ActiveX control auto-blocking feature helps keep the computer secure by deleting the ActiveX control if it cannot be processed correctly. This procedure helps prevent malicious users from downloading executable content to the computer and running the content from the cache. If a control is blocked, trust verification for the control cannot be completed. Therefore, the control is deleted.

By default, the ActiveX control auto-blocking feature removes an ActiveX control from the computer. An ActiveX control may be downloaded any number of times. However, the typical ActiveX control is either small or can be implemented as an installation stub that downloads the complete ActiveX control when it is run.

To work around this behavior so that an ActiveX control is not downloaded from a Web site two times, you can add the Web site to the trusted zone in Internet Explorer.

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

For more information about how to add a Web site to a security zone, visit the following Microsoft Web sites: For more information about security zones, click the following article number to view the article in the Microsoft Knowledge Base:
174360� How to use security zones in Internet Explorer

↑ Back to the top

Keywords: KB922659, kbinfo, kbwebbrowser, kbsecvulnerability, kbtshoot

↑ Back to the top

Article Info
Article ID : 922659
Revision : 5
Created on : 2/7/2007
Published on : 2/7/2007
Exists online : False
Views : 289