Update Available for "Legacy ActiveX Control" Issue

• Microsoft Internet Explorer versions 3.0, 3.01, 3.02, 4.0, 4.01, 4.01 Service Pack 1, 4.01 Service Pack 2, 5 for Windows NT 4.0
• Microsoft Internet Explorer versions 3.0, 3.01, 3.02, 4.0, 4.01, 4.01 Service Pack 1, 4.01 Service Pack 2, 5 for Windows 95
• Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows 98

SUMMARY

A potential security vulnerability has been found in the Preloader ActiveX control. This control could be used by a malicious Web site administrator to obtain a list of files from your local hard disk. This control has been removed from the Microsoft Web site, and a patch has been issued that does not permit use of this control. Additional information about this issue is available from the following Microsoft Web sites:

http://www.microsoft.com/security/bulletins/ms99-018.asp

http://www.microsoft.com/windows/ie/security/favorites.asp

• Microsoft Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 4.01 Service Pack 2, 5 for Windows NT 4.0



• Microsoft Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 4.01 Service Pack 2, 5 for Windows 95



• Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows 98

MORE INFORMATION

The ActiveX preloader control previously found at http://activex.microsoft.com/controls/iexplorer/x86/iepreld.cab has been removed and its class ID has been removed from the registry. The control will not be updated or replaced. This update also resolves the "Malformed Favorites Icon" security issue documented in the following article in the Knowledge Base:

Q231450 Update Available for the "Malformed Favorites Icon" Issue

Additional query words: 1.0 1.00 2.0 2.00 3.00 4.00 5.0 5.00

Keywords          : kbenv msiew95 msient msiew98 
Version           : WINDOWS:3.0,3.01,3.02,4.0,4.01,4.01 Service Pack 1,4.01 Service Pack 2,5
Platform          : WINDOWS 
Issue type        : kbprb 

Last Reviewed: June 7, 1999