A. M. Software Services, Inc. - Knowledge Base

How to disable the ADODB.Stream object from Internet Explorer

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

An ADO stream object contains methods for reading and writing binary files and text files. When an ADO stream object is combined with known security vulnerabilities in Internet Explorer, a Web site could execute scripts from the Local Machine zone. To help protect your computer from this kind of attack, you can manually modify your registry.

INTRODUCTION

An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

MORE INFORMATION

Any line-of-business Web application that requires a file to be loaded or to be saved to the hard disk may use the ADODB.Stream object in Internet Explorer. For example, if an intranet server hosts a form that an employee must download and fill out, the ADODB.Stream object is used to obtain the file and to save the file locally. After the user edits the file locally and submits the file back to the server, the ADODB.Stream object is used to read the file from the local hard disk and to send the file back to the server.

We strongly recommend that you use different methods to provide this functionality. For example, you may use an application or a control that requires the user to deliberately access the hard disk.

Software update information

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Microsoft has provided two methods that you can use to disable the ADODB.Stream object from Internet Explorer. Only the ADODB.Stream object in Internet Explorer will be affected. No other ADO objects are affected by this change.

These methods work by creating the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}

This registry key has a GUID for the ADODB.Stream object. When Internet Explorer recognizes this registry key, Internet Explorer does not permit the component to be started in the browser.

The methods to disable the ADODB.Stream object in Internet Explorer are described below:

Microsoft Download Center Update


To disable the ADODB.Stream object by using a registry key update available from the Microsoft Download Center, click the link that corresponds with your operating system:

Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer - (KB870669)
- or -
Critical Update for Microsoft Data Access Components -Disable ADODB.Stream object from Internet Explorer - 64 Bit Edition (KB87066)

Additional information and download instructions are available from the Microsoft Download Center web site.

Manual Process to disable the ADODB.Stream object


To manually create the registry key, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type Regedit, and then click OK.
  3. In Registry Editor, locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

  4. Right-click ActiveX Compatibility, point to New, and then click Key.
  5. Type the following name for the key:

    {00000566-0000-0010-8000-00AA006D2EA4}

  6. Right-click the new key, and then click New DWORD Value.
  7. Name the value Compatibility Flags.
  8. In the right pane, right-click Compatibility Flags, and then click Modify.
  9. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 400 in the Value data box, and then click OK.
  10. Close Registry Editor.
When you set the compatibility flag, the ADODB.Stream object cannot access the hard disk of your computer in Internet Explorer. However, the ADODB.Stream object can still access your hard disk outside Internet Explorer.

Important Notes

After you apply the update, you will receive the following error message when you try to use an ADO stream object from an HTML page in Internet Explorer:
ActiveX component can’t create object: ‘ADODB.Stream’
If you are running an application in a corporate intranet environment, and the corporate intranet environment currently uses the ADODB.Stream object with Internet Explorer, applying this update may cause the application to break. To restore application functionality, Microsoft recommends that you first set your Internet Explorer browser security level to High, and then you must clear the compatibility flag of the ADODB.Stream object
  1. To set your Internet Explorer browser security to high follow these steps:
    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. Click the Security tab. Under Select a Web content zone to specify its security settings, click Internet.
    3. Click Default Level, and then move the slider to High.
    4. Click Apply, and then click OK to close the Internet Options dialog box.
  2. Clear the compatibility flag of the ADODB.Stream object for Internet Explorer by setting the value to zero (0x0). Setting the value to zero (0x0) disables the key and restores functionality. To manually set the compatibility flag to zero, follow these steps:
    1. Click Start, and then click Run.
    2. In the Open box, type Regedit, and then click OK.
    3. In Registry Editor, locate the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}

    4. In the right pane, double-click Compatibility Flags.
    5. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 0 in the Value data box, and then click OK.
    6. Close Registry Editor.

 

REFERENCES

For additional information about how to strengthen the Local Machine zone in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

833633 How to strengthen the security settings for the Local Machine zone in Internet Explorer

For more information about Internet security, visit the following Microsoft Web site:

http://www.microsoft.com/security/incident/settings.mspx

For additional information about how to stop ActiveX controls from running on your system, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to stop an ActiveX control from running in Internet Explorer

The information in this article applies to:

Last Reviewed: 7/2/2004 (1.2)
Keywords: kbinfo KB870669 kbAudDeveloper
 
AMSS COMMUNITY HUB
James K. Murray (MCSA, MCSD)
President
A. M. Software Services, Inc.
347.247.6680
JamesMurray@AMSoftwareServices.com
http://www.amsoftwareservices.net