Microsoft KB Archive/244357

= Update for "Javascript Redirect" Vulnerability in Internet Explorer 5 =

Article ID: 244357

Article Last Modified on 8/23/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0

-



This article was previously published under Q244357



SYMPTOMS
Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites:
 * http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx
 * http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx

Updates are available for the following products:
 * Microsoft Internet Explorer 5.0 for Windows 95
 * Microsoft Internet Explorer 5.0 for Windows NT 4.0 (Alpha and x86)
 * Microsoft Windows 98
 * Microsoft Windows 98 Second Edition



RESOLUTION
To obtain this update, download and install the appropriate Q244357.exe file for your computer from the Microsoft site listed below. To navigate to Q244357.exe file, click the link below, and then click Next twice:
 * http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm

The English-language version of this fix should have the following file attributes or later:

  File name           Size                Date      Version Urlmon.dll         442,640 (x86)       10-25-99   5.0.2722.2500 Urlmon.dll         719,120 (alpha)     10-25-99   5.0.2722.2500

Note that if you try to install this update on any version of Internet Explorer other than Internet Explorer 5, you receive a message that says "This update does not need to be installed on this system" when in fact the computer may be vulnerable. For additional information about Internet Explorer 4.01, click the article number below to view the article in the Microsoft Knowledge Base:

244356 Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01



STATUS
This issue is fixed in Internet Explorer 5.01.

Keywords: kbprb KB244357

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.