Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the application using the Active X control (typically Internet Explorer).These issues affect Install Shield Update Service 5.01.100.47363 and 18.104.22.168146.
If you go down the "classic" route with a native Active X component, is the component signed by the vendor? I am also unsure at this time as to whether Office 2003 was affected, but have not seen any mention of a patch if it was. (note there doesn’t appear to be a separate Excel patch) Note: I have not actually been able to verify whether these patches work, but some early reports suggest they don’t work for everyone (perhaps for the same reason that the fixes below didn’t).The users hard drive is not writeable except for one directory, that is set up for people to save data they don't want backing up.Even the user profile is backed up to redirected network paths. Did you follow the instructions on the Thin App blog site? language=en_US&cmd=display KC&external Id=2069870) Also, regarding SXS issues, I tend to remove all of the SXS entries from the registry, and move / copy the files to the corresponding system directory.