Article ID: 273868
Article Last Modified on 1/29/2007
APPLIES TO
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 4.01 Service Pack 1
- Microsoft Internet Explorer 4.01 Service Pack 2
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 4.01 Service Pack 2
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 4.01 Service Pack 1
- Microsoft Internet Explorer 4.01 Service Pack 2
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Windows 2000 Standard Edition
This article was previously published under Q273868
SYMPTOMS
Microsoft has released a patch that eliminates a vulnerability that may enable a malicious user to obtain your user ID and password for a Web site.
RESOLUTION
To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
267954 How to Obtain the Latest Internet Explorer 5.01 Service Pack
For your convenience, the individual update is also available for download. The following file is available for download from the Microsoft Download Center:
![[GRAPHIC: Download]](/wiki/index.php?title=File:Download.gif){kind=small}
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. NOTE: This patch requires that you have Internet Explorer 5.01 Service Pack 1 (SP1). If you install this patch and you are using a version of Internet Explorer other than Internet Explorer 5.01 SP1, the update is not installed and you may receive the following error message:
This message is correct if you are running Internet Explorer 5.5, which is not affected by this vulnerability. If you are running a version of Internet Explorer earlier than version 5.01 SP1, Microsoft recommends that you upgrade to Internet Explorer 5.01 SP1 and then install this patch, or upgrade to Internet Explorer 5.5.
The English-language version of this patch should have the following file attributes or later:
Date Time Size File name
-----------------------------------------
06/09/2000 10:34AM 89,360 Advpack.dll
09/25/2000 04:57PM 459,536 Wininet.dll
For additional information about how to determine which version of Internet Explorer that is installed, click the article number below to view the article in the Microsoft Knowledge Base:
164539 How to Determine Which Version of Internet Explorer Is Installed
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.
MORE INFORMATION
If you log on to a secure Web page by using basic authentication, and then visit a non-secure page on the same site, Internet Explorer automatically sends the cached credentials (typically your user ID and password) to the non-secure page. If a malicious user can control your network communications, the user can read your credentials and use them. However, the malicious user cannot force you to log on to a secure page; the user can use this vulnerability only to reveal credentials that are cached during the current Internet Explorer session.
For additional information about this issue, visit the following Microsoft Web site:
Additional query words: current determine hack advpack w95inf16 w95inf32 wininet dll security_patch
Keywords: kberrmsg kbfix kbgraphxlinkcritical kbqfe kbnetwork kbprb kbbrowse kbie501presp2fix KB273868
