Re: Problem with latest security update kb891781 (dhtmled.ocx update)

From: Jon Kennedy (jkennedy2_at_carolina.rr.com)
Date: 02/15/05 

Date: Mon, 14 Feb 2005 20:28:41 -0500

http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx
>From the "General Information" section:

What is the Local Machine zone lockdown?
In Windows XP Service Pack 2, all local files and content that are processed
by Internet Explorer has additional security applied to it in the Local
Machine zone. This feature restricts HTML in the Local Machine zone. This
feature also restricts HTML that is hosted in Internet Explorer. These
restrictions help mitigate attacks where the Local Machine zone is used as
an attack vector to load malicious HTML code.

Because of this change, ActiveX script in local HTML pages that are viewed
inside Internet Explorer will not run. Also, script in local HTML pages that
are viewed inside Internet Explorer prompts the user for permission to run.

For how to change the local machine zone security settings, see this
article:

How to strengthen the security settings for the Local Machine zone in
Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;en-us;833633 

-- 
Jon R. Kennedy
Charlotte, NC, USA
jkennedy2@carolina.rr.com
"genX" <genX@discussions.microsoft.com> wrote in message 
news:ED177C04-C595-49E7-A2D7-4B3622741F51@microsoft.com...
> Hi,
> today I've installed latest security update kb891781, which caused, that 
> our
> application for web content management that uses MSHTML editing ActiveX
> control dhtmled.ocx, stops work. Our application is developed in Delphi 
> and
> uses this component for content managing.
> I found the problem (after tracing some debug info)- the application
> couldn't get access to the DOM (IHtmlEditDocument2 interface) through
> IHTMLEdit interface, so it raised the exception "Unknown interface".
> I didn't find any workaround than uninstall this security fix. Then
> everything was OK as before. Of course, I spent some time with security
> settings in IE - I enabled almost everything, but nothing helped.
>
> I tried to find whether some other has the same problem and I found some
> polish application based on this component having the same trouble.
>
> Does anybody has any idea where the problem is?
> Thanx.

Relevant Pages

  • Re: Problem with latest security update kb891781 (dhtmled.ocx upda
    ... or the interfaces have been altered and the way you now ... >> by Internet Explorer has additional security applied to it in the Local ... This feature restricts HTML in the Local Machine zone. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... unless you are logged on with admin privileges. ... least address how to get the "Mark as Web" to work for CDHtmlDialog. ... Cause if no one has such super ultra high security to ... which will let one override the Local Machine Zone ...
    (microsoft.public.vc.mfc)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... least address how to get the "Mark as Web" to work for CDHtmlDialog. ... Cause if no one has such super ultra high security to ... I just can't imagine why any script would be allowed to bypass security. ... which will let one override the Local Machine Zone ...
    (microsoft.public.vc.mfc)
  • BUG with RES/SCRIPT/XP-SP2
    ... This security feature is called the "Local Machine Zone Lockdown". ... past week since I started posting problems with the RES Protocol, SCRIPT ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)