Microsoft KB Archive/262509


Article ID: 262509

Article Last Modified on 1/27/2007



APPLIES TO

  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.0 128-Bit Edition



This article was previously published under Q262509

SUMMARY

Microsoft released an Internet Explorer security update on May 18, 2000, that eliminates four security vulnerabilities in Internet Explorer 4.01 Service Pack 2 (SP2) and 5.01:

  • The "Frame Domain Verification" vulnerability, which could allow a malicious Web site operator to read, but not change or add, files on the computer of a visiting user.
  • The "Unauthorized Cookie Access" vulnerability, which could allow a malicious Web site operator to access cookies belonging to a visiting user.
  • The "Malformed Component Attribute" vulnerability, which could allow a malicious Web site operator to run code on the computer of a visiting user.
  • A new variant of the "WPAD Spoofing" vulnerability that was fixed in Internet Explorer 5.01 (for information about this vulnerability, visit the http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx Web site).


MORE INFORMATION

For additional information about these vulnerabilities and the availability of a comprehensive update to eliminate them, please see the following Microsoft Web site:

Note This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:

This update does not need to be installed on this system.

Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this problem, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 will include all of the updates in this patch.

For more information about how to determine which version of Internet Explorer is installed, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to determine which version of Internet Explorer is installed


Update information by product

After you install this patch, "q262509" is displayed on the Update Versions line when you click About Internet Explorer on the Help menu, and the following files are updated (depending on which version of Internet Explorer you are using).

Internet Explorer 4.01 SP2 for Windows 95 and Windows 98

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:

   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  373,520  5/15/2000  9:41:26 AM  4.72.3717.1500 
                

Internet Explorer 4.01 SP2 for Windows NT 4.0 (Intel)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:

   File name    Size     Date       Time         Version
   ------------------------------------------------------------
   Wininet.dll  373,008  5/15/2000  11:13:34 AM  4.72.3717.1500 

Internet Explorer 4.01 SP2 for Windows NT 4.0 (AXP)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:

   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  664,336  5/15/2000  7:40:10 AM  4.72.3717.1500
                

Windows 2000 (All Versions) and Internet Explorer 5.01 for Windows 95, Windows 98, Windows 98 Second Edition, and Windows NT 4.0

Update File Name: Q262509.exe
Description: Security Update, August 9, 2000
Availability:

   File name    Size       Date       Time         Version
   --------------------------------------------------------------
   Mshtml.dll   2,352,400  5/11/2000   4:14:40 PM  5.00.3017.1000
   Shdocvw.dll  1,104,144  5/02/2000  12:24:36 PM  5.00.3015.2000
   Urlmon.dll     449,808  5/03/2000   2:12:56 PM  5.00.3017.3000
   Wininet.dll    460,560  5/12/2000  12:23:28 PM  5.00.3017.1200 
                

Note This update has been revised since its original release to address a minor issue that causes Internet Explorer to display images incorrectly on some Web sites. Microsoft recommends that all users download this updated version.
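The file tables above can be turned into a patch-level check over a software inventory. The following is an added example, not part of the original article or any Microsoft tool: the baseline versions are copied from the tables on this page, while the host names, the inventory layout, and the rule that a later build on the same version branch still contains the fix are assumptions.

```python
# Added example; patched versions are copied from the file tables on this page.
# Keyed by the (major, minor) version branch of the file itself.
PATCHED = {
    (4, 72): {"wininet.dll": "4.72.3717.1500"},
    (5, 0): {
        "mshtml.dll": "5.00.3017.1000",
        "shdocvw.dll": "5.00.3015.2000",
        "urlmon.dll": "5.00.3017.3000",
        "wininet.dll": "5.00.3017.1200",
    },
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so '5.00' and '5.0' compare equal."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)


def check_file(name, version):
    """Return 'patched', 'unpatched' or 'not-covered' for one file."""
    found = parse_version(version)
    baseline = PATCHED.get(found[:2], {}).get(name.lower())
    if baseline is None:
        return "not-covered"  # branch or file absent from the page's tables
    # Assumption: a later build on the same branch still contains the fix.
    return "patched" if found >= parse_version(baseline) else "unpatched"


def audit(inventory):
    """Map each host to the sorted list of its files below the patched build."""
    return {
        host: sorted(n for n, v in files.items() if check_file(n, v) == "unpatched")
        for host, files in inventory.items()
    }


# Constructed inventory (host names and pre-patch versions are made up).
SAMPLE = {
    "ws-01": {"Wininet.dll": "4.72.3612.1713"},
    "ws-02": {"Mshtml.dll": "5.00.3017.1000", "Wininet.dll": "5.0.2919.6307"},
    "ws-03": {"Wininet.dll": "5.50.4134.600"},
}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE).items():
        print(host, missing)
```

Files on a branch the tables do not list, such as the 5.50 entry in the sample, are reported as not covered rather than as patched, so they need a separate check.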

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

258430 Web site may retrieve cookies from your computer


251108 Update available for the "Frame Domain Verification" issue


255676 DocumentComplete on IFRAME may cause cross-domain security issues


261257 Malformed component attribute issue in Internet Explorer


247333 Web proxy auto-discovery "spoofing" may change proxy settings


