Microsoft KB Archive/176697

= Security Patches for Internet Explorer 3 and 4 =

PSS ID Number: 176697

Article Last Modified on 12/5/2003

-

The information in this article applies to:


 * Microsoft Internet Explorer 4.0 for Windows NT 4.0
 * Microsoft Internet Explorer 3.02 for Windows NT 4.0
 * Microsoft Internet Explorer 5.0 for Windows 98
 * Microsoft Internet Explorer 4.01 for Windows 95
 * Microsoft Internet Explorer 4.0 for Windows 95
 * Microsoft Internet Explorer 3.02 for Windows 95
 * Microsoft Internet Explorer 4.01 for UNIX on Sun Solaris

-



This article was previously published under Q176697



SUMMARY
This article describes the following security issues in Internet Explorer, and the patches that address these issues:

Internet Explorer 4.0 and 4.01
NOTE: These patches are included in Internet Explorer 4.01 Service Pack 1.
 * MK Overrun security issue
 * Embed Buffer Overrun issue
 * Untrusted Scripted Paste Issue

Internet Explorer 4.0
NOTE: These patches are included in Internet Explorer 4.01 and Internet Explorer 4.01 Service Pack 1.


 * Page Redirect issue
 * Buffer Overrun issue
 * "Freiburg" Text-Viewing issue

For information about how to obtain Internet Explorer 4.01 Service Pack 1, please click the article number below to view the article in the Microsoft Knowledge Base:

185957 Microsoft Internet Explorer 4.01 Service Pack 1 Available



MK Overrun Issue
Microsoft has posted a fix to protect Internet Explorer customers against a potential problem known as the MK Overrun issue. This issue can cause Internet Explorer 4.0 or 4.01 to stop responding (hang) when a malicious Web site uses a "mk://" Web address that contains more characters than Internet Explorer supports. These extra characters could form a malicious executable file that could be run on your computer.

This issue was originally reported on the following Web site:

http://l0pht.com/advisories.html

This issue affects customers who use the following products:
 * Internet Explorer 4.0 and 4.01 for Windows 95 and Windows NT 4.0
 * Internet Explorer 3.02 for Windows 95 and Windows NT 4.0 with Microsoft Visual Studio installed.

There have not been any reports of customers being affected by this bug.

NOTE: Microsoft Windows 3.1, Microsoft Windows NT 3.5, Macintosh, and Unix versions of Internet Explorer are not affected by this issue. The patches will eventually be available in several languages.

For additional information (or to download the patch), please see the following Microsoft Web site:

http://www.microsoft.com/ie/security/?/ie/security/mk.htm

The MK Overrun patch updates the Urlmon.dll file in the Windows\System or Winnt\System32 folder to the following size, date, and version:

  Browser Platform   Size (in bytes)   Date      Version --  Windows 95         483,600           1/15/98   4.72.2915.0 Windows NT 4.0    484,112           1/15/98   4.72.2915.0

To uninstall this patch, extract the original Urlmon.dll file from the Internet Explorer 4.0 or 4.01 Ie4_s3.cab cabinet file.

Embed Buffer Overrun Issue
Microsoft has posted a fix to protect Internet Explorer customers against a potential problem known as the Embed Buffer Overrun issue. This issue can cause Internet Explorer 4.0 or 4.01 to stop responding (hang) when you view a malicious Web page containing the "EMBED" tag. It is very difficult, but possible, for a knowledgeable Web page developer to cause a malicious executable file to be run on your computer when you load a Web page that contains the "EMBED" tag.

This issue was originally reported on the following Web sites:


 * http://www.geocities.com/ResearchTriangle/1711
 * http://www.news.com/News/Item/0,4,20159,00.html?st.ne.1.head

This issue affects customers who use the following products:


 * Microsoft Internet Explorer 4.0 and 4.01 for Windows 95 and Windows NT 4.0
 * Microsoft Internet Explorer versions 3.0, 3.01a, 3.0a, 4.0 for Macintosh
 * Microsoft Internet Explorer version 4.01 for UNIX on Sun Solaris
 * Microsoft Internet Explorer Administration Kit 4.0 and 4.01

There have not been any reports of customers being affected by this bug.

For additional information (or to download the patch), please see the following Microsoft Web site:

http://www.microsoft.com/ie/security

The Embed Buffer Overrun patch updates the Mshtml.dll file in the Windows\System or Winnt\System32 folder to the following size, date, and version:

NOTE: This information applies to the US versions of the patch. Updates for other language versions, the Macintosh and UNIX versions of Internet Explorer, and Internet Explorer Administration Kit will be available at a later date.

Untrusted Scripted Paste Issue
This is an update to Microsoft Internet Explorer which resolves an issue where a malicious Web site that, when visited, is able to use script to read a file on the user's system. Downloading this update will prevent possible unauthorized access to your computer. This update also includes the Microsoft Internet Explorer Cross Frame Navigation Security Update which was previously released on Windows Update.

Internet Explorer 4.0 for Windows 95 (patch name: Em4095.exe):

  Size (bytes)   Date               Version --  2,408,208      03/27/98 10:55pm   4.71.1712.20

Internet Explorer 4.0 for Windows NT 4.0 (patch name: Em40nt.exe):

  Size (bytes)   Date               Version --  2,407,696      03-27-98 10:52pm   4.71.1712.20

Internet Explorer 4.01 for Windows 95 (patch name: Em40195.exe):

  Size (bytes)   Date               Version --  2,398,992      03-27-98 5:38pm    4.72.2106.20

Internet Explorer 4.01 for Windows NT 4.0 (patch name: Em401nt.exe):

  Size (bytes)   Date               Version --  2,402,064      3-27-98 5:48pm     4.72.2106.20

To uninstall the patch, extract the original Mshtml.dll file from the Internet Explorer 4.0 or 4.01 Ie4_s2.cab (Windows 95) or Ie4nt_1.cab (Windows NT 4.0) cabinet file.

Page Redirect Issue
When you connect to a Web site that requires user authentication information (name and password), and the Web site redirects you to another Web site, your authentication information may be captured by the second Web site.

NOTE: Microsoft has received no reports of any Internet Explorer user being affected by this problem to date.

Internet Explorer 3.02 users should download the Redir302.exe patch. Internet Explorer 4.0 users should download the Redir40.exe patch.

Microsoft has confirmed this to be a problem in Internet Explorer versions 3.02 and 4.0 for Windows 95 and Windows NT 4.0, and has provided a patch that fixes the problem.

NOTE: The Page Redirect issue does not affect Internet Explorer for Windows 3.1, Windows NT 3.51, or Macintosh. It does affect Platform Preview 1 of Internet Explorer 4.0 for UNIX on Sun Solaris. Note that Microsoft recommends using preview versions for evaluation purposes only and will fix this issue in the final version of Internet Explorer 4.0 for UNIX on Sun Solaris. In the meantime, we recommend that Platform Preview 1 of Internet Explorer 4.0 for UNIX on Sun Solaris users do not enter their authentication information at Web sites.

When you install this patch, the Wininet.dll file in the Windows\System folder (in Windows 95) or Winnt\System32 folder (in Windows NT) is updated as follows:

  Browser                  Version       Size      Date Internet Explorer 3.02  4.70.1323     300,816   11/03/97 11:32a Internet Explorer 4.0   4.71.2113.0   368,400   11/14/97 11:19a

Buffer Overrun Issue
A malicious Web page author could create a Web page with a link containing the "res://" URL type using more characters than the "res://" URL type was designed to support (256 characters). When you navigate to such a link, the characters beyond the first 256 could contain malicious code that could be executed on your computer.

Microsoft has confirmed this to be a problem in Internet Explorer version 4.0 for Windows 95, and has provided a patch that fixes the problem. Note that this problem does not affect Windows NT, Windows 3.1, or Macintosh users of Internet Explorer 4.0, or any other versions of Internet Explorer.

When you install this patch, the Mshtml.dll file is updated to version 4.71.2110.0 (2,408,208 bytes, last modified on 11/10/97) on Windows 95 only.

"Freiburg" Text-Viewing Issue
Microsoft has released a patch for Internet Explorer 4.0 for Windows 95 and Windows NT 4.0 to protect your computer against a potential problem with Internet Explorer 4.0 known as the "Freiburg" text-viewing issue.

NOTE: The Windows 95 version of this patch is no longer available on Microsoft's Web site. The "Freiburg" patch is included in the Buffer Overrun patch for Windows 95 only.

When you install this patch, the Mshtml.dll file is updated to version 4.71.2016.0.

NOTE: The version number reported when you click About Internet Explorer on the Help menu (version 4.71.1712.6) and the Internet Explorer 4.0 user agent string (Mozilla/4.0 [compatible; MSIE4.0;Window 95]) are unchanged for this patch.

The potential problem exposed by the "Freiburg" text-viewing issue could allow a malicious Web site to obtain the contents of a text, Hypertext Markup Language (HTML), or graphics file from your hard disk. The file obtained cannot be damaged or manipulated on your computer, but it can be viewed.

A malicious person could create a Web page that is intentionally designed to exploit the "Freiburg" text-viewing issue. The Web page must be specifically designed to use the exact name and location of a text, HTML, or graphics file on your hard disk. Even if the exact name and location of a file is used, the Web site cannot destroy or tamper with any data, and data cannot be obtained from files other than text, HTML, or graphics files.

To protect your computer against this problem, disable scripting for unfamiliar Web sites by using the security zones feature of Internet Explorer 4.0. Network administrators can also use security zones to prevent this problem from occurring on their intranet.

To disable scripting for unfamiliar Web sites, follow these steps in Internet Explorer:
 * 1) On the View menu, click Internet Options, and then click the Security tab.
 * 2) In the Zone box, click Restricted Sites Zone.
 * 3) Under Restricted Sites Zone, click Custom (For Expert Users), and then click Settings.
 * 4) Under Active Scripting, click disable, and then click OK.
 * 5) To add a specific Web site to the Restricted Sites Zone, click Add Sites.
 * 6) Type a Web address in the "Add this Web site to the zone" box, and then click Add.
 * 7) Click OK, and then click OK again.

For additional information about Internet Explorer 4.0 security zones, please click the article number below to view the article in the Microsoft Knowledge Base:

174360 How to Use Security Zones in Internet Explorer 4.0

Additional query words: 4.00 4.01 iframe jscript java update fix frieberg freiberg frieburg secure

Keywords: kbenv KB176697

Technology: kbIE302Win95 kbIE302WinNT400 kbIE400Win95 kbIE400WinNT400 kbIE401UNIXSun kbIE401Win95 kbIE500Search kbIE500Win98 kbIE95Search kbIE98Search kbIENT400Search kbIEsearch kbIEUNIXSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.