Microsoft KB Archive/937143

= MS07-045: Cumulative Security Update for Internet Explorer =

Article ID: 937143

Article Last Modified on 10/27/2007

-

APPLIES TO

 Windows Internet Explorer 7, when used with:  Microsoft Windows Server 2003 Service Pack 2

 

 Microsoft Windows Server 2003, Datacenter x64 Edition

 Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

 </li></ul>

 Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

 Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

 Microsoft Windows XP Service Pack 2</li></ul>

 Microsoft Windows XP Professional x64 Edition</li></ul>

 Windows Vista Ultimate</li></ul>

 Windows Vista Enterprise</li></ul>

 Windows Vista Business</li></ul>

<ul> <li>Windows Vista Home Premium</li></ul>

<ul> <li>Windows Vista Home Basic</li></ul>

<ul> <li>Windows Vista Starter</li></ul>

<ul> <li>Windows Vista Ultimate 64-bit edition</li></ul>

<ul> <li>Windows Vista Enterprise 64-bit edition</li></ul>

<ul> <li>Windows Vista Business 64-bit edition</li></ul>

<ul> <li>Windows Vista Home Premium 64-bit edition</li></ul>

<ul> <li>Windows Vista Home Basic 64-bit edition</li></ul> </li> <li>Microsoft Internet Explorer 6.0 Service Pack 1, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul> </li> <li>Microsoft Internet Explorer 6.0, when used with: <ul> <li>Microsoft Windows XP Service Pack 2</li></ul>

<ul> <li>Microsoft Windows XP Professional x64 Edition</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

<ul> <li></li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003 Service Pack 2</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul> </li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-045. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx

</li></ul>

<div class="moreinformation_section">

Known issues with this security update
<ul> <li>Controls that prompt before they are loaded

Note This issue occurs on Web sites that do not use the recommended techniques. This issue is resolved by using the techniques that are described on the following Microsoft Web site:

http://msdn.microsoft.com/ieupdate

When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.</li> <li>In Windows XP with Service Pack 2 (SP2) and in Windows Server 2003 with Service Pack 1 (SP1), the Add or Remove Programs item in Control Panel lists software updates. These software updates are listed under the name of the product to which the updates apply. In Windows XP with SP2, Add or Remove Programs lists this update under Windows XP - Software Updates.</li> <li>Using monikers is no longer supported in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

906294 The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 896727 (MS05-038)

</li> <li>

937905 Description of the Input Method Editor (Korean) 2007 hotfix package: July 7, 2007

</li> <li>You may receive an error message that resembles the following when you try to visit a Web page in Windows Internet Explorer 7:

Webpage cannot be displayed

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

942818 Error message after you install a Windows Internet Explorer 7 update from Windows Update or from Microsoft Update: &quot;Webpage cannot be displayed&quot;

</li></ul>

Non-security-related fixes that are included in this security update
<ul> <li>

941495 Internet Explorer increases the per-domain cookie limit from 20 to 50

General distribution release (GDR) fixes <ul> <li>

937053 When you copy text from a Rich Text box in InfoPath on a computer that has Internet Explorer 7 installed, the pasted text unexpectedly appears inside a table cell

</li> <li>

936953 FIX: The item may not be selected when you use the windowless SELECT control to create a list in Internet Explorer 7

</li> <li>

936904 Error message when you open a Web page in Windows Internet Explorer 7: &quot;Internet Explorer has encountered a problem and needs to close&quot;

</li> <li>

936882 FIX: An access violation may occur and you may receive an error message when you open a Web page that uses SSL in Internet Explorer 6

</li> <li>

935777 FIX: The buffer size of the InternetQueryOptionW function is half of its actual size if you use INTERNET_OPTION_URL as the second parameter in Internet Explorer 7

</li> <li>

935776 FIX: The InternetQueryOptionW function returns a value of true when you use the INTERNET_OPTION_URL option flag as the second parameter in Internet Explorer 7

</li> <li>

935775 You receive a script error in Internet Explorer 7 when you include certain characters to specify a window name parameter in the &quot;Window.Open&quot; method

</li> <li>

935579 FIX: When you access an external document by using a link in an inline frame in Internet Explorer 7, the value of the document object is returned as &quot;undefined&quot;

</li> <li>

933133 When you try to use Internet Explorer 7 to download a file from a Web page, the file name changes

</li> <li>

933014 FIX: An application uses the Favorites folder of Internet Explorer 7 as the root directory when the application calls the &quot;DoOrganizeFavDlg&quot; function

</li> <li>

932044 A Web site cannot set a cookie if the Domain attribute is in uppercase characters and has an odd number of characters in Internet Explorer 7

</li> <li>

932043 A Web site cannot set a cookie if the Domain attribute is in uppercase characters and has an odd number of characters in Internet Explorer 6

</li> <li>

935575 FIX: When you try to use Windows Internet Explorer 7 to display a Scalable Vector Graphics (SVG) file on a local computer, Internet Explorer 7 cannot display the SVG file

</li></ul> </li></ul>

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc atdownload kbexpertisebeginner KB937143

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.