Microsoft KB Archive/279330

= Patch Available for New Variant of the &quot;Frame Domain Verification&quot; Vulnerability =

Article ID: 279330

Article Last Modified on 3/29/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.01
 * Microsoft Windows Millennium Edition

-



This article was previously published under Q279330



SUMMARY
Microsoft has released an update to Internet Explorer that addresses a potential security issue that would enable a malicious Web site operator to open two frames, one in his or her domain and another on the user's local file system, and enables the malicious Web site operator to pass information from the user's computer to his or her domain.

Additional information about this issue is available from the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS00-093.mspx



MORE INFORMATION
This issue is also described in the following Microsoft Security Bulletins:

http://www.microsoft.com/technet/security/bulletin/MS00-033.mspxhttp://www.microsoft.com/technet/security/bulletin/MS00-055.mspx

Several functions do not enforce proper separation of frames in the same window that reside in different domains. The new variant involves an additional function with the same flaw. As of 12/12/2000, this patch eliminates all known variants of this vulnerability.

Patch Availability
To install the patch, view the following Microsoft Web site:

http://www.microsoft.com/windows/ie/download/critical/279328.htm

NOTE: This update may not appear on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft.com Web site:

This update does not need to be installed on this system.

Updates are available only for Internet Explorer 5.01 Service Pack 1 (SP1), 5.5 and 5.5 SP1. Internet Explorer versions 5 and 5.01 are also vulnerable to this problem. If your browser is a version of Internet Explorer (5 or later) other than 5.01 SP1, 5.5 or 5.5 SP1, your computer is still vulnerable. Microsoft recommends that you upgrade to the latest version of Internet Explorer and then install this patch.

For additional information about how to determine the version of Internet Explorer you are using, click the article number below to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

The Q279328.exe file contains the following files: Internet Explorer 5.5 Service Pack 1:

Date       Time        Version           Size         File name --- 11-13-00   2:06pm      5.50.4611.1300    2,681        Mshtml.dll 11-13-00   12:49pm     5.50.4611.1300    399          Mshtmled.dll 11-13-00   2:07pm      5.50.4611.1300    1,120        Shdocvw.dll

Internet Explorer 5.5:

Date       Time        Version           Size         File name -- 07-28-00   3:16pm      5.50.4207.2600    109          Asctrls.ocx

Internet Explorer 5.01 Service Pack 1:

Date       Time        Version           Size         File name -- 11-13-00   2:35pm      5.00.3211.1700    2,298        Mshtml.dll 11-03-00   3:22pm      5.00.3211.300     1,078        Shdocvw.dll

For additional information about other issues that are addressed by this update, click the article numbers below to view the articles in the Microsoft Knowledge Base:

279881 Patch Available for New Variant of Scriptlet Rendering Vulnerability

279329 Patch Available for File Upload via Form Vulnerability

279328 Patch Available for Browser Print Template Vulnerability

For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Additional query words: problem update fix mshtml dll shdocvw asctrls ocx mshtmled

Keywords: kbinfo kburl kbwin2000presp2fix kbenv kbfile KB279330

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.