How to disable the ADODB.Stream object from Internet Explorer
An ADO stream object contains methods for reading and writing binary files and text files. When an ADO stream object is combined with known security vulnerabilities in Internet Explorer, a Web site could execute scripts from the Local Machine zone. To help protect your computer from this kind of attack, you can manually modify your registry.
An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.
Any line-of-business Web application that requires a file to be loaded or to be saved to the hard disk may use the ADODB.Stream object in Internet Explorer. For example, if an intranet server hosts a form that an employee must download and fill out, the ADODB.Stream object is used to obtain the file and to save the file locally. After the user edits the file locally and submits the file back to the server, the ADODB.Stream object is used to read the file from the local hard disk and to send the file back to the server.
We strongly recommend that you use different methods to provide this functionality. For example, you may use an application or a control that requires the user to deliberately access the hard disk.
The information in this article applies to:
Microsoft Internet Explorer 5.01 SP2
Microsoft Internet Explorer 5.01 SP3
Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7
Microsoft Data Access Components 2.8