Microsoft KB Archive/191200

= Update Available for Window.External JScript Security Issue =

Article ID: 191200

Article Last Modified on 8/8/2007

-

APPLIES TO


 * Microsoft Internet Explorer 1.0
 * Microsoft Internet Explorer 2.0
 * Microsoft Internet Explorer 3.0
 * Microsoft Internet Explorer 3.01
 * Microsoft Internet Explorer 3.02
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 3.2
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 2.0
 * Microsoft Internet Explorer 3.0
 * Microsoft Internet Explorer 3.01
 * Microsoft Internet Explorer 3.02
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.5
 * Microsoft Windows 98 Standard Edition

-



This article was previously published under Q191200



SUMMARY
Microsoft has made an update available to Microsoft Scripting Engines version 3.1 that addresses an issue regarding the way Internet Explorer handles very long strings with the Window.External JScript function. Additional information about this issue is available on the following Microsoft Web sites:

http://www.microsoft.com/technet/security/bulletin/ms98-011.mspx

Updates are available for the following products:
 * Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows 95 and Windows NT 4.0
 * Microsoft Windows 98

Internet Explorer 4.0 and 4.01 for Windows 3.1, Windows NT 3.51, Macintosh, and UNIX on Sun Solaris are not affected by this problem. Internet Explorer version 3.x is also not affected.

This issue can cause Internet Explorer to quit unexpectedly when you view a Web page that contains a script written in JScript that uses the Window.External function with a very long string. It is difficult but possible for an individual to cause malicious code to be run on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.



MORE INFORMATION
This update installs the files listed below.

Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows 95 and Windows NT 4.0 on Intel x86 platforms:

NOTE: The fix for this issue is included in Service Pack 2.   Update file name:  Scr31en.exe Available at:

http://www.microsoft.com/windows/ie/security/default.mspx

  Updated file name    Size (bytes)   Date       Version -  Jscript.dll          484,624        7-2-98     3.1.0.3101 Vbscript.dll        335,120        7-2-98     3.1.0.3101 Dispex.dll           53,520        7-2-98     3.1.0.3101 Scrrun.dll          172.816        7-2-98     3.1.0.3101

Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows NT 4.0 on Alpha platforms:

  Update file name:  Scr31en.exe

Available at:

http://www.microsoft.com/windows/ie/security/default.mspx

  Updated file name    Size (bytes)   Date       Version -  Jscript.dll          811,844        7-2-98     3.1.0.3101 Vbscript.dll        595,269        7-2-98     3.1.0.3101 Dispex.dll          120,643        7-2-98     3.1.0.3101 Scrrun.dll          265,027        7-2-98     3.1.0.3101

Windows 98:

 Update file name: Scr31en.exe

Available at: Microsoft Windows Update Web site

http://windowsupdate.microsoft.com

  Updated file name    Size (bytes)   Date       Version -  Jscript.dll          484,624        7-2-98     3.1.0.3101 Vbscript.dll        335,120        7-2-98     3.1.0.3101 Dispex.dll           53,520        7-2-98     3,1,0,3101 Scrrun.dll          172.816        7-2-98     3.1.0.3101

NOTE: Version 4.0 (included with Microsoft Visual Studio 6.0) or 5.0 (Beta version available for download) of the Microsoft Scripting Engines are not affected by this problem. If you attempt to install this update over version 4.x or 5.x of the Scripting Engines, you receive the following version conflict messages for each of the four files listed above:

NOTE: You should click Yes (keep your existing file) in Windows 95/98 and No (do not overwrite the newer file) in Windows NT.

For Windows 95/98:

  Version Conflict A file being copied is older than the file currently on your computer. It is recommended that you keep your existing file.

  Filename: Description: Your version: x.x.x.xxxx.

  Do you want to keep this file?

For Windows NT:

  Confirm File Replace Source: Target:

  The target file exists and is newer than the source. Overwrite the newer file?

Reducing Your Risk If You Cannot Apply the Patch
If you are unable to apply the patch, you can reduce your risk of being affected by this problem by disabling Active Scripting in Internet Explorer. To do this, follow these steps:


 * 1) Click Start, point to Settings, and then click Control Panel.
 * 2) Double-click Internet, and then click the Security tab.
 * 3) In the Zone box, click Internet Zone.
 * 4) Click Custom (For Expert Users), and then click Settings.
 * 5) Under Scripting, click Disable in the Active Scripting section.
 * 6) Click OK.
 * 7) In the Zone box, click Restricted Sites Zone.
 * 8) Repeat steps 4-6.
 * 9) Click OK.

Keywords: kbinfo KB191200

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.