Microsoft KB Archive/169245: Difference between revisions
m (Text replacement - "<" to "<") |
m (Text replacement - ">" to ">") |
||
Line 115: | Line 115: | ||
<br /> | <br /> | ||
Update file name: Ie4usp.exe | Update file name: Ie4usp.exe | ||
<pre class="fixed_text">Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security" | <pre class="fixed_text">Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK> | ||
</pre> | </pre> | ||
<pre class="fixed_text"> Updated file name Size (bytes) Date Version | <pre class="fixed_text"> Updated file name Size (bytes) Date Version | ||
Line 124: | Line 124: | ||
<pre class="fixed_text"> Update file name: Ie4usp.exe | <pre class="fixed_text"> Update file name: Ie4usp.exe | ||
</pre> | </pre> | ||
<pre class="fixed_text"> Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security" | <pre class="fixed_text"> Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK> | ||
</pre> | </pre> | ||
<pre class="fixed_text"> Updated file name Size (bytes) Date Version | <pre class="fixed_text"> Updated file name Size (bytes) Date Version | ||
Line 148: | Line 148: | ||
<pre class="fixed_text"> Update file name: Ie416usp.exe | <pre class="fixed_text"> Update file name: Ie416usp.exe | ||
</pre> | </pre> | ||
<pre class="fixed_text"> Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security" | <pre class="fixed_text"> Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK> | ||
</pre> | </pre> | ||
<pre class="fixed_text"> Updated file name Size (bytes) Date Version | <pre class="fixed_text"> Updated file name Size (bytes) Date Version | ||
Line 182: | Line 182: | ||
For additional information about Internet Explorer security zones, please see the following article in the Microsoft Knowledge Base: | For additional information about Internet Explorer security zones, please see the following article in the Microsoft Knowledge Base: | ||
<pre class="fixed_text"> ARTICLE-ID: How to Use Security Zones in Internet Explorer 4.0 | <pre class="fixed_text"> ARTICLE-ID: How to Use Security Zones in Internet Explorer 4.0 | ||
TITLE : <WWLINK TYPE="ARTICLE" VALUE="Q174360" | TITLE : <WWLINK TYPE="ARTICLE" VALUE="Q174360">Q174360</WWLINK> | ||
</pre> | </pre> | ||
Revision as of 20:41, 20 July 2020
Article ID: 169245
Article Last Modified on 8/15/2007
APPLIES TO
- Microsoft Internet Explorer 1.0
- Microsoft Internet Explorer 2.0
- Microsoft Internet Explorer 3.0
- Microsoft Internet Explorer 3.01
- Microsoft Internet Explorer 3.02
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 4.01 128-Bit Edition
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 3.2
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 2.0
- Microsoft Internet Explorer 3.0
- Microsoft Internet Explorer 3.01
- Microsoft Internet Explorer 3.02
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 4.01 128-Bit Edition
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Windows 98 Standard Edition
- Microsoft Internet Explorer 2.0
- Microsoft Internet Explorer 2.01
- Microsoft Internet Explorer 2.1
- Microsoft Internet Explorer 3.0
- Microsoft Internet Explorer 3.01
- Microsoft Internet Explorer 3.1
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 4.01 128-Bit Edition
- Microsoft Internet Explorer 4.5 128-Bit Edition
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 3.02
- Microsoft Internet Explorer 1.5
- Microsoft Internet Explorer 2.0
- Microsoft Internet Explorer 3.0
- Microsoft Internet Explorer 3.01
- Microsoft Internet Explorer 3.03 for Windows NT 3.51
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 4.01 128-Bit Edition
- Microsoft Internet Explorer 4.5 128-Bit Edition
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 3.02
This article was previously published under Q169245
SUMMARY
Microsoft has made an update available for the "Untrusted Scripted Paste" issue. This update addresses a problem regarding the way Internet Explorer uses the Document.ExecCommand to read a file on a user's computer that is in a known location.
NOTE: If you applied this patch prior to November 18, 1998, Microsoft recommends that you apply the most current version of this patch. For more information about the most current version of this patch, please see the following Microsoft Web site:
Updates are available for the following products:
- Internet Explorer 4.01 and Internet Explorer 4.01 Service Pack 1 (SP1) for Windows 95 and Windows NT 4.0 (x86 and Alpha)
- Windows 98
- Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51
The following products are not affected by this issue:
- Internet Explorer 4.0 for Windows 95 and Windows NT 4.0
- Internet Explorer 4.0 and 4.01 for Macintosh, UNIX on Sun Solaris, and Hewlett Packard HP-UX
- Internet Explorer 3.0, 3.01 and 3.02 for Windows 95, Windows NT 4.0, Windows 3.1, Windows NT 3.51, and Macintosh
The "Untrusted Scripted Paste" issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of a file on the user's computer that is in a known location. This could also be used to view the contents of a file on a network to which the user has access, and whose direct path name is known by the attacker. There have not been any reports of customers being affected by this problem.
This vulnerability could also affect software that uses Hypertext Markup Language (HTML) functionality provided by Internet Explorer, even if Internet Explorer is not used as your default browser.
MORE INFORMATION
Update Information By Product:
Internet Explorer 4.01 and Internet Explorer 4.01 SP1 for Windows 95 and Windows NT 4.0 on Intel x86 platforms:
Update file name: Ie4usp.exe
Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK>
Updated file name Size (bytes) Date Version --------------------------------------------------------- Mshtml.dll 2,414,864 12/18/98 4.72.3612.1700
Internet Explorer 4.01 and Internet Explorer 4.01 SP1 for Windows NT 4.0 on Alpha platforms:
Update file name: Ie4usp.exe
Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK>
Updated file name Size (bytes) Date Version --------------------------------------------------------- Mshtml.dll 3,938,064 11-13-98 4.72.3511.1300
Windows 98:
Update file name: Ie4usp.exe
Available at: Microsoft Windows Update site
Updated file name Size (bytes) Date Version --------------------------------------------------------- Mshtml.dll 2,414,864 11-13-98 4.72.3511.1300
Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51:
Update file name: Ie416usp.exe
Available at: <WWLINK TYPE="GENERIC" VALUE="http://www.microsoft.com/windows/ie/security">http://www.microsoft.com/windows/ie/security</WWLINK>
Updated file name Size (bytes) Date Version --------------------------------------------------------- Mshtml16.dll 3,084,608 11-12-98 4.01.2510.1300
Reducing Your Risk If You Cannot Apply the Patch
Microsoft strongly encourages that you apply the patch. If you are unable to apply the patch, you can reduce your risk of being affected by this problem by temporarily disabling Active Scripting in Internet Explorer. To do so, follow these steps:
- Click Start, point to Settings, and then click Control Panel.
- Double-click Internet, and then click the Security tab.
- In the Zone box, click Internet Zone.
- Click Custom (For Expert Users), and then click Settings.
- Under Scripting, click Disable Under Active Scripting.
- Click OK.
- In the Zone box, click Restricted Sites Zone.
- Repeat steps 4-6.
- Click OK.
In addition, Microsoft recommends that you re-enable the prompt for submitting non-encrypted form data if it is disabled.
To enable this prompt, follow these steps:
- Click Start, point to Settings, and then click Control Panel.
- Double-click Internet, and then click the Security tab.
- In the Zone box, click Internet Zone.
- Click Custom (For Expert Users), and then click Settings.
- Under Miscellaneous, click Prompt or Disable (whichever you prefer) under Submit Non-Encrypted Form Data.
- Click OK.
- In the Zone box, click Restricted Sites Zone.
- Repeat steps 4-6.
- Click OK.
For additional information about Internet Explorer security zones, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: How to Use Security Zones in Internet Explorer 4.0 TITLE : <WWLINK TYPE="ARTICLE" VALUE="Q174360">Q174360</WWLINK>
Keywords: kbenv kbinfo KB169245