Microsoft KB Archive/324929

= MS02-068: December, 2002, Cumulative Patch for Internet Explorer =

Article ID: 324929

Article Last Modified on 2/1/2007


APPLIES TO


 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 5.5 Service Pack 2




This article was previously published under Q324929



Important: The December, 2002, Cumulative Patch for Internet Explorer has been superseded by the February, 2003, Cumulative Patch for Internet Explorer. For additional information about how to obtain this patch, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003, Cumulative Patch for Internet Explorer



SUMMARY
Microsoft has released a cumulative patch for Internet Explorer. This patch includes updates for the issues that are described in the following Microsoft Knowledge Base articles:

328970 MS02-066: November, 2002, Cumulative Patch for Internet Explorer

323759 MS02-047: August 22, 2002, Cumulative Patch for Internet Explorer

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

319182 MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer

316059 MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer

This cumulative patch also repairs one additional flaw in Internet Explorer's cross-domain security model. This flaw occurs because the security checks that Internet Explorer carries out when particular object caching techniques are used in Web pages are incomplete. If the security checks are incomplete, an attacker may be able to run commands on a user's computer.

If an attacker exploits this vulnerability, he or she may be able to run an executable file that was already present on the local computer. The attacker may also be able to load a malicious executable file onto a user's computer or pass parameters to an executable file. However, you can add a registry key setting to restrict shortcuts in HTML Help, which significantly reduces the scope of this vulnerability. This registry key prevents attackers from being able to load a malicious executable file on a user's computer or pass parameters to an executable file. For additional information about this registry key, click the following article number to view the article in the Microsoft Knowledge Base:

810687 How to Restrict the Shortcut and WinHelp Commands in HTML Help

An attacker may be able to exploit the vulnerability by constructing a Web page that uses a cached programming technique, and then either hosts this page on a Web site or sends it to a user through e-mail. In the case of the Web-based attack vector, the page may be automatically opened when a user visits the site. In the case of the HTML mail-based attack vector, the page may be opened when the recipient opens the message or views it using the Preview pane.

For additional information about known issues that can occur when you install this update, click the article number below to view the article in the Microsoft Knowledge Base:

325192 Issues After You Install Updates to Internet Explorer or Windows



MORE INFORMATION
For more information about this patch, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-068.mspx

Download Information
The following file is available for download from the Microsoft Download Center:

Download the 324929 package now

Release Date: December 4, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information
You can install the Internet Explorer 6 version of this update on Internet Explorer 6 or on Internet Explorer 6 Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Service Pack for Internet Explorer 6

To run the Internet Explorer 5.5 version of this update, you must be running Internet Explorer 5.5 Service Pack 2 (SP2). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

276369 How to Obtain the Latest Service Pack for Internet Explorer 5.5

Warning: You must restart your computer after you apply this update.

Note: You cannot successfully install this update on Microsoft Windows XP-based computers in non-interactive mode (for example, by using Windows Task Scheduler, Microsoft Systems Management Server, or the IBM Tivoli software). This problem has been corrected in the February, 2003 Cumulative Patch for Internet Explorer. For additional information about how to obtain this patch, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003 Cumulative Patch for Internet Explorer

This package supports the following switches:
 * /q Specifies Quiet mode or suppresses messages when the files are being extracted.
 * /q:u Specifies User-Quiet mode, which presents some dialog boxes to the user.
 * /q:a Specifies Administrator-Quiet mode, which does not present any dialog boxes to the user.
 * /t:  Specifies the target folder for extracting files.
 * /c Extracts the files without installing them.
 * /c:  Specifies the path and name of the Setup .inf file or the .exe file.
 * /r:n Never restarts the computer after installation.
 * /r:i Restarts the computer if a restart is required. This switch automatically restarts the computer if the computer must be restarted to complete installation.
 * /r:a Always restarts the computer after installation.
 * /r:s Restarts the computer after installation without prompting the user.
 * /n:v No version checking. Use this switch to install the program over any previous version.

For example, to install the update without any user intervention and to not force the computer to restart, run the following command:

/q:a /r:n

WARNING: Your computer is vulnerable until you restart it and log on as an administrator to complete the installation.

File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed in the %Windir%\System32 folder.

Internet Explorer 6 with SP1 (32-bit)
  Date         Time   Version        Size       File name
  --------------------------------------------------------
  10-Oct-2002  21:17  6.0.2800.1126  2,787,840  Mshtml.dll
  01-Nov-2002  16:05  6.0.2800.1133  1,338,368  Shdocvw.dll
  10-Oct-2002  21:18  6.0.2800.1126    483,328  Urlmon.dll

Internet Explorer 6 with SP1 (64-bit)
  Date         Time   Version        Size       File name
  --------------------------------------------------------
  15-Oct-2002  16:21  6.0.2800.1126  9,064,448  Mshtml.dll
  01-Nov-2002  19:57  6.0.2800.1133  3,645,952  Shdocvw.dll
  15-Oct-2002  16:26  6.0.2800.1126  1,410,560  Urlmon.dll

Internet Explorer 6
  Date         Time   Version       Size       File name
  -------------------------------------------------------
  15-Oct-2002  17:37  6.0.2722.900  2,764,288  Mshtml.dll
  05-Nov-2002  16:03  6.0.2722.900     34,304  Pngfilt.dll
  05-Mar-2002  00:09  6.0.2715.400    548,864  Shdoclc.dll
  05-Nov-2002  16:01  6.0.2723.100  1,336,320  Shdocvw.dll
  05-Nov-2002  16:03  6.0.2715.400    109,568  Url.dll
  11-Oct-2002  16:53  6.0.2722.900    481,280  Urlmon.dll

Internet Explorer 5.5 with SP2
  Date         Time   Version        Size       File name
  --------------------------------------------------------
  16-Oct-2002  23:36  5.50.4922.900  2,757,392  Mshtml.dll
  17-Oct-2002  00:01  5.50.4922.900     48,912  Pngfilt.dll
  04-Nov-2002  14:27  5.50.4923.500  1,149,200  Shdocvw.dll
  05-Mar-2002  01:53  5.50.4915.500     84,240  Url.dll
  15-Oct-2002  21:41  5.50.4922.900    451,344  Urlmon.dll

NOTE: Because of file dependencies, these updates may also contain additional files.
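One way to check a computer against the file versions listed above, as an added PowerShell example that is not part of the original article or of any Microsoft tool. The function names, the variable name and the rule that picks a table from the installed Mshtml.dll version are assumptions; only versions are compared ("or later"), not dates or sizes.

```powershell
# Added example. Minimum versions are copied from the File Information tables above.
$Kb324929Baselines = @{
    'IE 6 SP1'   = @{ 'Mshtml.dll' = '6.0.2800.1126'; 'Shdocvw.dll' = '6.0.2800.1133'
                      'Urlmon.dll' = '6.0.2800.1126' }
    'IE 6'       = @{ 'Mshtml.dll' = '6.0.2722.900';  'Pngfilt.dll' = '6.0.2722.900'
                      'Shdoclc.dll' = '6.0.2715.400'; 'Shdocvw.dll' = '6.0.2723.100'
                      'Url.dll' = '6.0.2715.400';     'Urlmon.dll' = '6.0.2722.900' }
    'IE 5.5 SP2' = @{ 'Mshtml.dll' = '5.50.4922.900'; 'Pngfilt.dll' = '5.50.4922.900'
                      'Shdocvw.dll' = '5.50.4923.500'; 'Url.dll' = '5.50.4915.500'
                      'Urlmon.dll' = '5.50.4922.900' }
}

function Get-FileVersion([string]$Path) {
    # Build the version from the numeric fields of the version resource,
    # because the FileVersion string can carry extra text after the numbers.
    $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    [version]('{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
}

function Test-Kb324929Files {
    param([string]$Folder = (Join-Path $env:windir 'System32'))

    # Assumption: the installed Mshtml.dll version tells us which table applies.
    $m = Get-FileVersion (Join-Path $Folder 'Mshtml.dll')
    if ($m.Major -eq 5 -and $m.Minor -eq 50) {
        $table = 'IE 5.5 SP2'
    } elseif ($m.Major -eq 6 -and $m.Minor -eq 0 -and $m.Build -ge 2800) {
        $table = 'IE 6 SP1'
    } elseif ($m.Major -eq 6 -and $m.Minor -eq 0) {
        $table = 'IE 6'
    } else {
        Write-Warning "Mshtml.dll $m is not an Internet Explorer 5.5 or 6 build; the tables do not apply."
        return
    }

    foreach ($name in ($Kb324929Baselines[$table].Keys | Sort-Object)) {
        $path = Join-Path $Folder $name
        $min  = [version]$Kb324929Baselines[$table][$name]
        $have = if (Test-Path $path) { Get-FileVersion $path } else { $null }
        $status = if ($null -eq $have) { 'Missing' } elseif ($have -ge $min) { 'OK' } else { 'Below baseline' }
        [pscustomobject]@{ Table = $table; File = $name; Installed = $have; Minimum = $min; Status = $status }
    }
}

Test-Kb324929Files | Format-Table -AutoSize
```

A status of OK confirms only the file versions on disk; as the article warns, the computer must still be restarted to complete the installation.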

Additional query words: security_patch patch32

Keywords: kbbug kbfix kbsecvulnerability kbie600presp2fix kbqfe kbsecurity kbie600sp2fix kbie550presp3fix kbsecbulletin KB324929


© Microsoft Corporation. All rights reserved.