COMMAND

    IE (ActiveX)

SYSTEMS AFFECTED

    Internet Explorer 4.0 and 5.0

PROBLEM

    Steve Loughran found following.  An ActiveX control that was  used
    by previous versions of  IE also was included  in IE 4.0 and  IE 5
    even though it is not used by either. It could be misused to allow
    a  web  site  to  read  the  user's  local  hard drive. The update
    eliminates the vulnerability by removing the control.

SOLUTION

    The  patch,  provided  below  in  What  Customers  Should Do, will
    determine the  version of  IE and   the platform  on which  it  is
    installed, and will apply only  the appropriate fix. As a  result,
    the single patch below is appropriate for use by customers who are
    affected by  either or  both of  the vulnerabilities.    The patch
    can be found at:

        http://www.microsoft.com/windows/ie/security/favorites.asp