! ! 0 Junior Poster Banned

The two most recent IE security updates, MS05-038 and MS05-052, include defense-in-depth improvements that help prevent malicious web pages from loading and manipulating ActiveX controls that were not meant to run in IE. Prior to MS05-038 and MS05-052, IE included two main security checks around whether an ActiveX control can load and be manipulated by a web page:

  1. Only allow ActiveX controls to load if they are not in the registry-stored “killbit list
  2. Only allow loaded ActiveX controls to be manipulated if they have implemented IObjectSafety and therefore “promised they can be safely scripted

http://blogs.msdn.com/ie/archive/2005/11/04/489256.aspx

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.