Microsoft KB Archive/246094

= Update Available for "Server-Side Page Reference Redirect" Vulnerability =

Article ID: 246094

Article Last Modified on 1/25/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 4.0 128-Bit Edition

-



This article was previously published under Q246094



SUMMARY
Microsoft has released a patch that eliminates a vulnerability in Microsoft Internet Explorer 4 and 5 that may allow a malicious Web site operator to view a file on the computer of a visiting user, provided that the Web site operator knows the name of the file and folder.

Additional information about this vulnerability is available at:
 * http://www.microsoft.com/TechNet/security/bulletin/ms99-050.asp
 * http://www.microsoft.com/athome/security/default.mspx

Updates are available for the following products:
 * Internet Explorer 4.01 SP2 for Microsoft Windows 95 and Microsoft Windows NT 4.0 (x86 and Alpha)
 * Microsoft Windows 98
 * Internet Explorer 5 and 5.01 for Windows 95, Windows 98, and Windows NT 4.0 (x86 and Alpha)

This update also includes fixes for the following previous security issues.

NOTE: You do not need to install these fixes after installing the update mentioned above. For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

231450 Update Available for the 'Malformed Favorites Icon' Issue

241362 Update Available for the ImportExportFavorites Issue



MORE INFORMATION
This problem is resolved in Internet Explorer 5.01 for Windows 2000 and Internet Explorer 5.01 SP1 and later for other platforms. We recommend that you upgrade to the latest version of Internet Explorer to resolve this problem.

For additional information about how to determine which version of Internet Explorer you are using, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.5 Service Pack

For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

Internet Explorer 4.01 SP2 for Windows 95 and Windows NT 4.0
  File name    Size       Date        Version         Platform Shdocvw.dll 2,174,736  11/30/1999  4.72.3711.2900  9x Shdocvw.dll 2,174,736  11/30/1999  4.72.3711.2900  NT (x86) Shdocvw.dll 3,154,704  11/29/1999  4.72.3711.2900  NT (Alpha)

Though the Windows 95 and Windows NT 4.0 x86 files are the same size, they are different binaries and are not interchangeable. These files are named Shdo95.dll and Shdont.dll inside the package. When they are extracted, the files are named appropriately as they are installed on your computer.

Internet Explorer 5.0 for Windows 95, Windows 98, and Windows NT 4.0
  File name    Size       Date        Version         Platform Shdocvw.dll 950,544    11/29/1999  5.0.2723.2900   (x86) Shdocvw.dll 1,617,680  11/29/1999  5.0.2723.2900   (Alpha)

Internet Explorer 5.01 for Windows 95, Windows 98, and Windows NT 4.0
  File name    Size       Date        Version         Platform Shdocvw.dll 1,102,608  11/29/1999  5.0.2919.6400   (x86)

NOTE: If you are using Internet Explorer 4.0 or 4.01 Service Pack 1, you must install Internet Explorer 4.01 Service Pack 2 in order to apply this update. You can install Internet Explorer 4.01 Service Pack 2 from the following Microsoft Web site:

http://www.microsoft.com/windows/ie/downloads/default.mspx

When a Web server performs a server-side redirect, the Internet Explorer security model verifies the server's permissions on the new page. However, under certain timing conditions, it is possible for a Web server to create a reference to a client window that the server is permitted to view. Then the Web server could use a server-side redirect to a client-local file, and bypass the security restrictions. The result is that it may be possible for a malicious Web site operator to view, but not change, create or delete, files on the computer of a visiting user. The Web site operator would need to know (or guess) the name and location of the file.

Keywords: kbbug kbfix kbpolicy KB246094

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.