Knowledge Base

MS03-015: April, 2003, Cumulative patch for Internet Explorer

Article ID: 813489

Article Last Modified on 3/31/2007

APPLIES TO

Microsoft Internet Explorer 6.0 Service Pack 1, when used with:
- Microsoft Windows XP Professional
- Microsoft Windows XP Embedded
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows NT 4.0 Service Pack 6
- Microsoft Windows Millennium Edition
- Microsoft Windows 98 Second Edition
Microsoft Internet Explorer 6.0, when used with:
- Microsoft Windows XP Professional
Microsoft Internet Explorer 5.5, when used with:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows NT 4.0 Service Pack 6a
- Microsoft Windows Millennium Edition
- Microsoft Windows 98 Second Edition
Microsoft Internet Explorer 5.01 Service Pack 3, when used with:
- Microsoft Windows 2000 Service Pack 3

SUMMARY

Microsoft has released a cumulative patch for Internet Explorer. This cumulative patch includes updates for the issues that are described in the following Microsoft Knowledge Base article:

810847 MS03-004: February, 2003, Cumulative Patch for Internet Explorer

This cumulative patch also addresses the following four newly discovered vulnerabilities:

A buffer overrun vulnerability in Urlmon.dll that occurs because Internet Explorer does not correctly check the parameters of return communications requests from a Web server. An attacker might be able to use this vulnerability to run arbitrary code on your computer. Although just visiting an attacker's Web site might exploit the vulnerability without any other action on your part, an attacker has no way to force you to visit the Web site.
A vulnerability in the Internet Explorer file upload control that permits input from a script to be passed to the control. This might allow an attacker to automatically input a file name in the file upload control and automatically upload a file to a Web server.
A problem in the way that Internet Explorer handles the rendering of third-party files. This problem occurs because the Internet Explorer method for rendering third-party file types does not correctly check parameters that are passed to the method. An attacker can create a specially formed URL to inject script during the rendering of a third-party file format that runs in your context.
A problem in the way that modal dialog boxes are treated by Internet Explorer. This problem occurs because an input parameter is not correctly checked. This might allow an attacker to use an injected script that can provide the attacker access to files stored on your computer. Although just visiting the Web site might exploit the vulnerability without any other action on your part, an attacker has no way to force you to visit the Web site.

Notes

This patch also includes a fix for Internet Explorer 6 Service Pack 1 (SP1) to correct the method that Internet Explorer uses to show Help information in the Local Computer zone. Although Microsoft is not aware of a method to exploit this vulnerability by itself, if the vulnerability were exploited, an attacker might read local files on the computer.

This patch also sets the "Kill" bit on the following ActiveX controls:

Description	File name	CLSID	Reference
Microsoft HTML Help control	Hhctrl.ocx	ADB880A6-D8FF-11CF-9377-00AA003B7A11	323255
ActiveX Plugin control	Plugin.ocx	06DD38D3-D187-11CF-A80D-00C04FD74AD8	813489
DirectX Files Viewer control	XWeb.ocx	{970C7E08-05A7-11D0-89AA-00A0C9054129}	810202

For more information about the Kill bit, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to stop an ActiveX control from running in Internet Explorer

Because this patch sets the Kill bit on the Microsoft HTML Help control, you may experience broken links in Help if you have not installed the updated HTML Help control from Microsoft Knowledge Base article 811630. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method
Like the previous Internet Explorer cumulative patch in bulletin MS03-004, this cumulative patch causes the window.showHelp method to stop functioning if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Microsoft Knowledge Base article 811630, you can still use HTML Help functionality after you apply this update. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811630 HTML Help Update to Limit Functionality When It Is Invoked with the window.showHelp( ) Method
This patch also addresses an issue that prevents previous cumulative patches for Internet Explorer from being installed successfully on Microsoft Windows XP-based computers in non-interactive mode (for example, by using Windows Task Scheduler, Microsoft Systems Management Server, or the IBM Tivoli software).

For more information about this patch, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-015.mspx

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method

MORE INFORMATION

Download information

To download and install this update, visit the following Microsoft Windows Update Web site and install Critical Update 813489:

http://windowsupdate.microsoft.com

Administrators can download this update from the Microsoft Download Center or from the Windows Update Catalog to deploy to multiple computers. If you want to obtain this update to install later on one or more than one computer, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog. For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:

323166 How to download updates and drivers from the Windows Update Catalog or from the Microsoft Update Catalog

To download this update from the Microsoft Download Center, visit the following Microsoft Web site:

http://www.microsoft.com/windows/ie/ie6/downloads/critical/813489/default.mspx

For more information about how to download files from the Microsoft Download Center, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation information

You must be logged on as an administrator to install this update. To download and install this update, visit the following Windows Update Web site and install Critical Update 813489:

http://windowsupdate.microsoft.com

To install a downloaded version of this update, run the q813489.exe file that you downloaded by using the appropriate setup switches. Administrators can deploy this update by using Microsoft Software Update Services (SUS). For more information about SUS, click the following article number to view the article in the Microsoft Knowledge Base:

810796 Software Update Services Overview white paper available

To verify that this update has been installed on your computer, use any of the following methods:

Confirm that Q813489 is listed in the Update Versions field of the About Internet Explorer dialog box.
Compare the versions of the updated files on your computer to the File Information section of this article.
Confirm that the following registry key exists and contains an IsInstalled DWORD value that is set to 1:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}

Prerequisites

To install the Internet Explorer 6 version of this update, you must be running Internet Explorer 6 (version 6.00.2600.0000) on a 32-bit version of Windows XP.

To install the Internet Explorer 6 SP1 versions of this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on Windows XP SP1 (32-bit or 64-bit versions), Windows XP (32-bit versions only), Windows 2000 Service Pack 2 (SP2) or Service Pack 3 (SP3) , Windows NT 4.0 Service Pack 6a (SP6a), Windows Millennium Edition, or Windows 98 Second Edition.

To install the Internet Explorer 5.5 version of this update, you must be running Internet Explorer 5.5 Service Pack 2 (version 5.50.4807.2300) on Windows 2000 SP3, Windows NT 4.0 SP6a, Windows Millennium Edition, or Windows 98 Second Edition.

To install the Internet Explorer 5.01 version of this update, you must be running Internet Explorer 5.01 Service Pack 3 (version 5.00.3502.1000) on Windows 2000 SP3. For more information about how to determine which version of Internet Explorer you are running, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to determine which version of Internet Explorer is installed

For more information about support lifecycles for Windows operating system components, visit the following Microsoft Web site:

http://support.microsoft.com/lifecycle/

For more information about how to obtain SP1 for Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to obtain the latest service pack for Internet Explorer 6

For more information about how to obtain the latest service pack for Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

276369 How to obtain the latest service pack for Internet Explorer 5.5

For more information about how to obtain SP3 for Internet Explorer 5.01, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to obtain the latest Internet Explorer 5.01 service pack

Restart requirements

For the Internet Explorer 6 SP1 package, you must restart your computer to complete the installation of this update. For all other versions of this package, you must restart your computer and log on as an administrator to complete the installation of this update.

Previous update status

This update supercedes the MS03-004: February, 2003, Cumulative Patch for Internet Explorer update.

Setup switches

The update packages for this patch support the following switches:

/q Specifies Quiet mode or suppresses messages when the files are being extracted.
/q:u Specifies User-Quiet mode, which presents some dialog boxes to the user.
/q:a Specifies Administrator-Quiet mode, which does not present any dialog boxes to the user.
/t: path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
/c: path Specifies the path and name of the Setup .inf file or the .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a .
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the user.
/n:v No version checking. Use this switch with caution to install the update on any version of Internet Explorer.

For example, to install the update without any user intervention and to not force the computer to restart, run the following command:

q813489.exe /q:a /r:n

File information

The English version of this fix has the file attributes (or later) that are listed in the following tables. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed in the %Windir%\System folder in Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. They are installed in the %Windir%\System32 folder in Windows NT 4.0, Windows 2000, and Windows XP.

Internet Explorer 6 SP1 (32-bit)

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   24-Feb-2003  17:31  6.0.2800.1170  2,787,840  Mshtml.dll
   24-Feb-2003  17:32  6.0.2800.1170  1,339,904  Shdocvw.dll
   24-Mar-2003  19:18  6.0.2800.1170    483,328  Urlmon.dll

Internet Explorer 6 SP1 (64-bit)

   Date         Time   Version        Size       File name    Platform
   -------------------------------------------------------------------
   24-Feb-2003  16:50  6.0.2800.1170  9,075,200  Mshtml.dll   IA-64
   24-Feb-2003  16:57  6.0.2800.1170  3,648,000  Shdocvw.dll  IA-64
   24-Mar-2003  20:31  6.0.2800.1170  1,411,584  Urlmon.dll   IA-64

Internet Explorer 6

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   25-Feb-2003  21:19  6.0.2726.2500  2,762,240  Mshtml.dll
   24-Mar-2003  15:25  6.0.2722.900      34,304  Pngfilt.dll
   04-Mar-2002  23:09  6.0.2715.400     548,864  Shdoclc.dll
   05-Nov-2002  15:01  6.0.2723.100   1,336,320  Shdocvw.dll
   24-Mar-2003  15:25  6.0.2715.400     109,568  Url.dll
   24-Mar-2003  15:00  6.0.2727.2400    481,280  Urlmon.dll
   06-Jun-2002  16:38  6.0.2718.400     583,168  Wininet.dll

Internet Explorer 5.5 SP2

   Date         Time   Version         Size       File name
   ----------------------------------------------------------
   25-Feb-2003  21:04  5.50.4926.2500  2,759,440  Mshtml.dll 
   16-Oct-2002  23:01  5.50.4922.900      48,912  Pngfilt.dll
   04-Nov-2002  13:27  5.50.4923.500   1,149,200  Shdocvw.dll
   05-Mar-2002  00:53  5.50.4915.500      84,240  Url.dll    
   21-Mar-2003  16:40  5.50.4927.2100    451,344  Urlmon.dll 
   06-Jun-2002  20:27  5.50.4918.600     481,552  Wininet.dll

Internet Explorer 5.01 SP3 (Windows 2000 Only)

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   28-Mar-2003  21:20  5.0.3516.2800  2,357,008  Mshtml.dll 
   14-Oct-2002  14:28  5.0.3510.1100     48,912  Pngfilt.dll
   09-Jan-2003  21:41  5.0.3513.900   1,108,752  Shdocvw.dll
   05-Mar-2002  00:53  5.50.4915.500     84,240  Url.dll    
   21-Mar-2003  15:55  5.0.3516.2100    451,344  Urlmon.dll 
   07-Jun-2002  22:56  5.0.3506.1000    461,584  Wininet.dll

Note Because of file dependencies, these updates may also contain additional files.

Removal information

To remove (uninstall) this update, use the Add or Remove Programs (or Add/Remove Programs) tool in Control Panel. Click Internet Explorer Q813489, and then click Change/Remove (or Add/Remove). System administrators can use the Ieunist.exe utility to remove this update. Ieuninst.exe is located in the %Windir% folder and supports the following command-line switches:

/? Show the list of supported switches.
/z Do not restart when installation is complete.
/q Use Quiet mode (no user interaction).

For example, to remove this update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q813489.inf

Note This command line assumes that Windows is installed in the C:\Windows folder.

Known issues

If you try to install this update but you are not logged on as an administrator, you may receive the following warning message:

Warning
You do not have administrator privileges on this machine. Some installations cannot be completed correctly unless they are run by an administrator. Do you want to continue?

If you click Continue, you may receive the following message:

Microsoft Internet Explorer Update
Do you want to install this update?

If you click Yes, you may receive the following error message:

Advanced INF Installer
You do not have administrator privileges on this machine. This installation cannot be completed correctly unless it is run by an administrator.

If you click OK, you may receive the following message:

Microsoft Internet Explorer Update
This update has been installed.

This message is incorrect. The update has not been installed.
If you install both the 32-bit and 64-bit versions of this update on Windows XP 64-Bit Edition, both updates are listed as "Internet Explorer Q813489" in the Add or Remove Programs tool in Control Panel. After you remove one of these updates, you receive an "Invalid INF file" error message when you try to remove the second update.
For more information about known issues that may occur after you install this update, click the following article number to view the article in the Microsoft Knowledge Base:

325192 Issues after you install updates to Internet Explorer or Windows
You can install the Internet Explorer 5.5 SP2 version of the 813489 critical update on a Windows 2000 SP3-based computer that is running Internet Explorer 5.01 SP3. To resolve this issue, remove the Internet Explorer 5.5 SP2 version of the 813489 critical update, and then install the Internet Explorer 5.01 SP3 version of the 813489 critical update. Administrators can use the Ieuninst.exe tool to remove the Internet Explorer 5.5 SP2 update as discussed in the "Removal Information" section of this article. For example, to remove the update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q813489.inf

Note This command line assumes that Windows is installed in the C:\Windows folder.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Keywords: kbwin2ksp4fix kbsecurity KB813489

Microsoft KB Archive/813489

Contents