DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 240308 - Last Review: February 3, 2011 - Revision: 3.7

 
This article was previously published under Q240308

SUMMARY

Microsoft has released an update that eliminates security vulnerabilities in the following two ActiveX controls:
  • Object for constructing type libraries for scriptlets (Scriptlet.Typelib)
  • Eyedog
For more information about these controls, view the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms99-032.mspx (http://www.microsoft.com/technet/security/bulletin/ms99-032.mspx)

MORE INFORMATION

The update eliminates a vulnerability that may allow a malicious Web site operator to take inappropriate actions on your computer. The update is available on both of the following Microsoft Web sites:
ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix (ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix)
-and-
http://update.microsoft.com (http://update.microsoft.com)
The Scriptlet.Typelib and Eyedog controls are not related to each other, but both are incorrectly marked as "safe for scripting" and can therefore be called from Internet Explorer.

Developers use the Scriptlet.Typelib control to generate Type Libraries for Windows Scripting Components. The Scriptlet.Typelib control should not be marked "safe for scripting" because it allows local files to be created or modified. The update removes the "safe for scripting" setting, which causes Internet Explorer to prompt you for confirmation before loading the control.

The Eyedog control is used by diagnostic software in Windows. The Eyedog control should not be marked "safe for scripting" because it allows registry information to be queried and computer characteristics to be gathered. In addition, one of the control's methods is vulnerable to a buffer overrun attack. The update prevents the control from loading within Internet Explorer.

The BubbleBoy virus, an Internet worm virus, is a virus that requires Internet Explorer 5 and Microsoft Outlook 2000 or Microsoft Outlook 98 or Microsoft Outlook Express. This virus can be embedded in e-mail messages that are in Hypertext Markup Language (HTML) format and that do not contain any attachments. The update that is described in this article eliminates the security vulnerabilities in the two ActiveX controls; this update prevents the BubbleBoy virus from spreading.

For additional security-related information about Microsoft products, view the following Microsoft Web site:
http://www.microsoft.com/security (http://www.microsoft.com/security)
NOTE: This update is included with Internet Explorer 5.01 and later.
Keywords: 
kbprb kbvirus KB240308
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support