Microsoft KB Archive/244356

= Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01 =

Article ID: 244356

Article Last Modified on 8/23/2007

-

APPLIES TO


 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.01 Service Pack 2

-



This article was previously published under Q244356



SYMPTOMS
Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites:
 * http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx
 * http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx

Updates are available for the following products:
 * Microsoft Internet Explorer 4.01 SP2 for Windows 95
 * Microsoft Internet Explorer 4.01 SP2 for Windows NT 4.0 (Alpha and x86)
 * Microsoft Windows 98



RESOLUTION
To obtain this update, download and install the appropriate Q244356.exe file for your computer from Microsoft site link below. This link navigates you to the 4.01 fix (Q244356) after you select the proper platform from the drop down dialog.
 * http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm

The English-language version of this fix should have the following file attributes or later:

Internet Explorer 4.01 Service Pack 2 File name          Size                Date       Version Urlm95.dll         449,808 (x86)       10-25-99   4.72.3710.2500 Urlmnt.dll         490,256 (x86)       10-25-99   4.72.3710.2500 Urlmon.dll         830,736 (alpha)     10-25-99   4.72.3710.2500 Note that the Urlm95.dll and Urlmnt.dll files are renamed to Urlmon.dll when they are installed to their respective Windows 95 or Windows NT platform.



MORE INFORMATION
After you install this update "Q244356" is added to the Update Versions line when you click About Internet Explorer on the Help menu in Internet Explorer.

For additional information about the update for Internet Explorer 5, click the article number below to view the article in the Microsoft Knowledge Base:

244357 Update for "Javascript Redirect" Vulnerability in Internet Explorer 5

Keywords: kbprb KB244356

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.