Mentioned
In
|
 |
 |
 |
|
Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms
of Use |
Trademarks
Article ID: 976949 - Last Review: November 5, 2009 - Revision: 3.0 You receive a VBScript "Type Mismatch" script error message in Internet Explorer after you install cumulative security update 974455
Cumulative security update for Internet Explorer 974455 (described in MS09-054
(http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx)
) introduced additional "Type" safety checks into various methods to address identified security vulnerabilities. Under certain scenarios, these new type safety checks can result in "Type Mismatch" script errors in Web pages that use VBScript or in Web pages that use a mixture of VBScript and JavaScript.
For more information about MS09-054, click the following article number to view the article in the Microsoft Knowledge Base:
974455Â
(http://kbalertz.com/Feedback.aspx?kbNumber=974455/
)
MS09-054: Cumulative security update for Internet Explorer
Web pages that use VBScript as the client-side scripting language and that use the showModalDialog() or the showModelessDialog() methods may encounter a "Type Mismatch" script error. Microsoft has identified the following three scenarios in which a "Type Mismatch" script error could be generated:
- showModalDialog()
The first scenario involves passing an Array() value as a parameter to the showModalDialog() method in VBScript. The showModalDialog() method supports one required argument (sURL) and two optional arguments (vArguments and sFeatures). The vArguments parameter is a VARIANT Type parameter that specifies the arguments to use when displaying the document. If a developer decides to pass an Array() directly to the optional vArguments parameter, a "Type Mismatch" script error will occur.
For more information about the showModalDialog method, visit the following Microsoft MSDN Web page:
- showModelessDialog()
The second scenario involves passing an Array() value as a parameter to the showModelessDialog() method in VBScript. The showModelessDialog() method supports one required argument (sURL) and two optional arguments (vArguments and sFeatures). The vArguments parameter is a VARIANT Type parameter that specifies the arguments to use when displaying the document. If a developer decides to pass an Array() directly to the optional vArguments parameter, a "Type Mismatch" script error will occur.
For more information about the showModelessDialog method, visit the following Microsoft MSDN Web page:
- returnValue
The third scenario involves the explicit setting of the returnValue property of a Modal Dialog window. The returnValue property is a read/write property that has no default value. According to documentation on MSDN, the returnValue property applies only to those windows created with the showModalDialog() method. If a developer decides to explicitly set the returnValue property of a Modal Dialog window to an Array() value in VBScript, a "Type Mismatch" script error will occur.
For more information about the return Value property, visit the following Microsoft MSDN Web page:
Currently, Microsoft has not observed "Type Mismatch" script errors arising from cumulative security update 974455 in Web pages that use JavaScript as their sole client-side scripting language. Only Web pages that use the showModalDialog() method, the showModelessDialog() method, or the returnValue property within VBScript seem to be affected. If the Web page contains a mixture of both VBScript and JavaScript, it may be affected if the Web page uses the methods or properties that were discussed earlier within VBScript or if the Web page uses the VBArray object. Use of the VBArray object is uncommon, and scenarios that involve VBArray will not be covered by this Knowledge Base article.
Cumulative security update for Internet Explorer MS09-054
(http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx)
was released to address identified security vulnerabilities in Internet Explorer. As part of the cumulative security update, Internet Explorer introduced new checks against unintended casting of VARIANT Type parameters into dangerous data types. The additional security checks impose additional security restraints on VARIANT Type parameters that are being passed as part of user-controlled variables in order to protect the user from certain kinds of attacks. These additional checks may affect legitimate browsing scenarios that use VARIANT data types.
To resolve this problem, install update 976749 after you install security update 974455.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
976749Â
(http://kbalertz.com/Feedback.aspx?kbNumber=976749/
)
An update is available for Internet Explorer that resolves issues that occur after you apply security update 974455 (MS09-054)
Important Do not install update 976749 if you have not installed security update 974455. If you install update 976749 without first installing security update 974455, Internet Explorer may not work correctly. If this occurs, uninstall update 976749, install security update 974455, and then reinstall update 976749.
We recommend that you continue to apply cumulative security update 974455 and that you install update 976749 if you experience the symptoms that are described in this article. Customers who decide to remove the cumulative security update will put their systems at risk.
For the first and second scenarios that are discussed in the "Symptoms" section, you can implement a workaround if you do not want to install security update 974455. To work around the issue, explicitly declare the Array() variable into a VBScript variable. Arrays can be passed to the showModalDialog() or the showModelessDialog() methods without a "Type Mismatch" script error.
For example, the following VBScript will cause a "Type Mismatch" script error.
// TYPE MISMATCH
vReturn = window.showModalDialog("http://www.contoso.com", Array(1,2,3,4,5,6,7))
The following VBScript will pass an array to the showModialDialog() or showModelessDialog() methods without a "Type Mismatch" script error.
// NO TYPE MISMATCH ERROR
Dim myArray
myArray=Array(1,2,3,4,5,6,7)
vReturn = window.showModalDialog("http://www.contoso.com", myArray)
For the third scenario that was discussed earlier, you can implement a workaround if you do not want to install security update 974455. To work around the issue in scenarios where a single dimension Array() value is passed to the returnValue property, use the Join and Split VBScript functions. This lets you pass Array() values to the returnValue property.
For example, the following VBScript generates a "Type Mismatch" script error.
// TYPE MISMATCH
Dim arrayItems
arrayItems(0) = 1
arrayItems(1) = 2
arrayItems(2) = 3
Window.returnvalue = arrayItems
When you use the Join and Split VBScript functions, you can set the returnValue property without generating a "Type Mismatch" script error.
// NO TYPE MISMATCH ERROR
Dim arrayItems
arrayItems(0) = 1
arrayItems(1) = 2
arrayItems(2) = 3
Dim arrString = Join(arrayItems, ";")
Window.returnvalue = arrString
Dim strTemp = window.showModalDialog(……)
Dim arrayItems = Split(strTemp, ";")
For the third scenario that was discussed earlier, where multidimensional Array() values or Array() values that have objects are passed to the returnValue property, you can implement a workaround if you do not want to install security update 974455. To work around the issue in this scenario, you can use a JavaScript function to set the returnValue property. This JavaScript function is available to VBScript subroutines and functions. Any returnValue property value that is set by a JavaScript function will be available to VBScript.
For example, the following VBScript generates a "Type Mismatch" script error.
// TYPE MISMATCH
<script LANGUAGE=vbscript>
Option Explicit
Sub Window_OnLoad
Dim abc(1,2,3)
Window.ReturnValue = abc
End Sub
</script>
Using a JavaScript function together with an existing VBScript lets you set the returnValue property without generating a "Type Mismatch" script error.
// NO TYPE MISMATCH ERROR
<script Language=JavaScript>
function setReturnValue(){
var returnValueArray= new Array();
returnValueArray[0] = 1;
returnValueArray[1] = 2;
returnValueArray[2] = 3;
window.returnValue = returnValueArray;
}
</script>
<script LANGUAGE=vbscript??
Option Explicit
Sub Window_OnLoad
setReturnValue()
msgbox window.returnValue
End Sub
</script>
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
APPLIES TO- Windows Internet Explorer 8, when used with:
- Windows Server 2008 Datacenter without Hyper-V
- Windows Server 2008 Enterprise without Hyper-V
- Windows Server 2008 for Itanium-Based Systems
- Windows Server 2008 Standard without Hyper-V
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows Web Server 2008
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Datacenter without Hyper-V
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Enterprise without Hyper-V
- Windows Server 2008 R2 Standard
- Windows Server 2008 R2 Standard without Hyper-V
- Windows Web Server 2008 R2
- Windows 7 Enterprise
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Ultimate
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Ultimate
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business 64-bit Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Windows Internet Explorer 7, when used with:
- Windows Server 2008 Datacenter without Hyper-V
- Windows Server 2008 Enterprise without Hyper-V
- Windows Server 2008 for Itanium-Based Systems
- Windows Server 2008 Standard without Hyper-V
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows Web Server 2008
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Datacenter without Hyper-V
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Enterprise without Hyper-V
- Windows Server 2008 R2 Standard
- Windows Server 2008 R2 Standard without Hyper-V
- Windows Web Server 2008 R2
- Windows 7 Enterprise
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Ultimate
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Ultimate
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business 64-bit Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Internet Explorer 6.0, when used with:
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Internet Explorer 6.0 SP1, when used with:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Internet Explorer 5.01 Service Pack 4, when used with:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
| kbcode kbtshoot kbbug kbexpertiseinter kbsecurity kbsecvulnerability kbsurveynew KB976949 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please
|
|
 |
|
 |
|
|
|
| |