eliminates a vulnerability that could allow a malicious user to embed an unsafe executable within an e-mail message and disguise it as a safe type of attachment.
Through a complicated series of steps, the unsafe executable could be made to execute under certain conditions if the user opened the attachment.
A particular ActiveX control enables cabinet (CAB) files to be launched and executed. This could let an HTML e-mail message contain a malicious cabinet file, disguised as a file of an innocuous type.
If a user attempted to open this file, the operation would fail, but depending on the e-mail client, could leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the e-mail message to execute the malicious code.
The vulnerability could only be exploited in cases where an e-mail client allowed scripts in HTML format, and stored temporary copies of launched applications in known locations.
The patch restricts the ability of the control to launch unsigned cabinet files that have been downloaded from the local machine.
Microsoft Internet Explorer and quot;Active Setup Control and quot; Vulnerability Patch runs on
Windows 95/98/Me/NT/2000/Windows 10/11
and is available under the
Freeware
license
— the installer is 283 KB.
We’ve catalogued it under
Browsers.
✓
Verified clean. Every Microsoft Internet Explorer and quot;Active Setup Control and quot; Vulnerability Patch build on SoftLookup is scanned for viruses, spyware, adware, trojans and backdoors. We re-test on every update.
Help fellow users decide. Share your experience with Microsoft Internet Explorer and quot;Active Setup Control and quot; Vulnerability Patch.