After you install Microsoft security update 896358
(MS05-026), Web applications that use the HTML Help ActiveX control (HHCTRL) to
enable cross-frame navigation may not work correctly. The content that should
be displayed in a different frame may be displayed in the same frame that
contains the HTML Help ActiveX control. Note
This issue is relevant only if the registry has been modified so
that URLs or Microsoft Internet Explorer security zones are authorized to host
the HHCTRL. Otherwise, the HHCTRL is disabled by security update 890175
This article contains information that is supplemental to the
following Microsoft Knowledge Base articles:
MS05-001: Vulnerability in HTML Help could allow code execution
Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175
MS05-026: A vulnerability in HTML Help could allow remote code execution
Security update 896358 disables cross-frame navigation
because the feature is a potential security vulnerability. This restricted
capability is an expected and intended effect of installing the security
update. Depending on the URLs and Internet Explorer security zones that you
have enabled to use the HHCTRL, you may want to re-enable this feature.
The symptoms of this issue are an expected and intended effect of
installing the security update. This workaround may make the computer more
vulnerable to the threats that security update 896358 addresses. The safest
course is not to use this workaround.Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
Consumers and non-enterprise customers
To re-enable cross-frame navigation, follow these steps:
- Click Start, click Run,
type regedit, and then click OK.
- Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictionsNote You must create the key if the key does not already
- Point to New, click DWORD
Value, type EnableFrameNavigationInSafeMode to
name the registry entry, and then press ENTER.
Modify, type 1 in the Value
data box, and then click OK.
To use Group Policy to re-enable cross-frame navigation across a
domain, follow these steps:
- Paste the following text into a text editor, such as
- Save the file as Hhctrl.reg.
- Copy the following text, and then paste it into a text
editor, such as Notepad:
REGEDIT.EXE /S Hhctrl.reg
- Save the file as Hhctrl.bat.
Note Before you deploy the batch file, make sure that the batch file
works correctly by testing the file on a computer.
- Import the batch file into the Group Policy object (GPO).
To do this, follow these steps:
- Copy the Hhctrl.bat file and the Hhctrl.reg file to
\SysVol\DomainName\Policies\GUID of the
selected GPO\Machine\Scripts\Startup folder.
- Start the Active Directory Users and Computers snap-in.
To do this, click Start on a domain controller, click
Run, type dsa.msc, and then click
- Right-click the domain, click
Properties, and then click the Group Policy
- Click New, type a descriptive name for
the new Group Policy object (GPO), and then press ENTER. For example, click
New, type re-enable cross-frame
navigation, and then press ENTER.
- Click Edit to modify the new GPO that
you created in step 5d.
- Expand Computer configuration, expand
Windows Settings, click
Scripts(Startup/Shutdown), click Startup, and
then click Add.
- Locate and then click the batch file that you created
in step 4, and then click Add.
- Click OK, click Yes,
and then click OK two times.
Overview and examples for system administrators
For more information about security update 896358, click
the following article number to view the article in the Microsoft Knowledge
MS05-026: Vulnerability in HTML Help could allow remote code execution
For more information about Group Policy, visit the following
Microsoft Web sites:
Technical support for x64-based versions of Microsoft Windows
On computers that are running x64-based versions of Microsoft
Windows, you may have to adapt the instructions in the
"Resolution" section about how to modify the registry. For example, you might
have to modify a different part of the registry, depending on whether you want
to modify the 32-bit or the 64-bit functionality.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Registry changes in x64-based versions of Windows Server 2003 and Windows XP Professional x64 Edition
Your hardware manufacturer provides
technical support and assistance for x64-based versions
of Windows. Your hardware manufacturer provides
support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have
customized the installation of Windows with unique components.
Unique components might include specific device drivers or might include
optional settings to maximize the performance of the hardware. Microsoft will
provide reasonable-effort assistance if you need technical help with your
x64-based version of Windows. However, you might have to contact your
manufacturer directly. Your manufacturer is best qualified to support the
software that your manufacturer installed on the hardware.
information about Microsoft Windows XP Professional x64 Edition, visit the
following Microsoft Web site:
For product information about x64-based versions of Microsoft
Windows Server 2003, visit the following Microsoft Web site:
for other considerations.