GCVE-VVD-CERTCC-2000-29795
Vulnetix · Advisory published September 10, 1999
The HHOpen ActiveX control (hhopen.ocx) has a buffer overflow in the OpenHelp method. Because the control is marked safe-for-scripting, an attacker may be able to script this control and exploit the vulnerability when you visit a web page. The classID for the vulnerable control is: {130D7743-5F5A-11D1-B676-00A0C9697233}.
Impact: An attacker may be able to exploit a buffer overflow in the HHOpen ActiveX control and execute arbitrary code on the system of the person visiting a malicious web page.
Resolution: Apply a patch. Apply the patch provided by Microsoft in Security Bulletin MS99-037. This patch sets the kill bit, which prevents the control from being loaded by Internet Explorer.
Workarounds: Disable "Script ActiveX controls marked safe for scripting". In your Internet Explorer security settings, set this option to "disable" or "prompt".
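
One way to verify both the resolution and the workaround on a host, as an added PowerShell example that is not part of the original advisory or of Microsoft's bulletin. The registry locations, the 0x400 kill-bit flag and URL action 1405 are the standard Windows ones rather than values from this advisory; the function names are hypothetical.

```powershell
# Added example: audit the MS99-037 kill bit and the safe-for-scripting workaround.
$Clsid   = '{130D7743-5F5A-11D1-B676-00A0C9697233}'  # HHOpen classID from the advisory
$KillBit = 0x400                                      # kill bit within "Compatibility Flags"

function Test-KillBit {
    param([string]$Clsid)
    # 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node view, so check both.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key   = Join-Path $root $Clsid
        $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { '(not set)' }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Get-SafeScriptingSetting {
    # URL action 1405 is "Script ActiveX controls marked safe for scripting"; zone 3 is Internet.
    $meaning = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable' }
    $zones = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    foreach ($zone in $zones) {
        $v = (Get-ItemProperty -LiteralPath $zone -Name '1405' -ErrorAction SilentlyContinue).'1405'
        if ($null -eq $v) { continue }   # not configured at this location
        [pscustomobject]@{
            Key       = $zone
            Setting   = $meaning[[int]$v]
            Mitigated = ((1, 3) -contains $v)   # "prompt" or "disable", as the workaround asks
        }
    }
}

# Report whether the control is registered at all, then the state of both mitigations.
$registered = Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
"HHOpen control registered on this host: $registered"
Test-KillBit -Clsid $Clsid | Format-List
Get-SafeScriptingSetting | Format-List
```

A host where the control is registered, `KillBitSet` is false in either registry view, and the Internet zone setting is `enable` still needs the patch or the workaround.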