Article ID: 902225
Article Last Modified on 10/18/2007
APPLIES TO
- Microsoft Windows Server 2003 SP1, when used with:
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP for Itanium-based Systems Version 2003
- Microsoft Windows XP Professional 64-Bit Edition (Itanium)
- Microsoft Windows 98 Second Edition
- Microsoft Windows 98 Standard Edition
- Microsoft Windows Millennium Edition
SYMPTOMS
After you install security update 896358 or Microsoft Windows Server 2003 Service Pack 1 (SP1), you may experience one or both of the following symptoms after you click a link to an HTML Help .chm file in Internet Explorer:
- Topics in the .chm file cannot be viewed when you click Open instead of Save in the File Download dialog box.
- Topics in the .chm file cannot be viewed when you click Save in the File Download dialog box, and you then try to open the file.
Note This article contains information that is supplemental to the following Microsoft Knowledge Base articles:
232077 Executing files by hyperlink and the File Download dialog box
896054 You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
896358 MS05-026: A vulnerability in HTML Help could allow remote code execution
CAUSE
Security update 896358 and Windows Server 2003 SP1 include changes to the InfoTech protocol that block the ability to view remote content. These changes were introduced to reduce security vulnerabilities in HTML Help. After you install 896358 or Windows Server 2003 SP1, files in the Temporary Internet Files folder are treated as content from the Internet zone. Therefore, files may be blocked when you click Open in the File Download dialog box. Additionally, after you install 896358 or Windows Server 2003 SP1, Attachment Manager may treat a downloaded .chm file as an untrusted file. Therefore, you may not be able to open the file. These effects are expected and intended effects of installing the security update and of installing Windows Server 2003 SP1.
RESOLUTION
Resolution for end users
Warning If you are prompted to open or to save a .chm file from a Web site, you should do so only if you need the file and if you trust the Web site that is providing the file.
In the File Download dialog box, click Save, and then choose where you want to save the .chm file. Then, use one of the following methods:
Method 1
- Double-click the .chm file.
- In the Open File-Security Warning dialog box, click to clear the Always ask before opening this file check box.
- Click Open.
Method 2
- Right-click the CHM file, and then click Properties.
- Click Unblock.
- Double-click the .chm file to open the file.
Resolution for system administrators
To resolve this issue, use one of the following methods.
If your intranet Web page uses the HTTP URL scheme to link to .chm files, security update 896358 may prevent users from seeing topics in the .chm file. Replacing an HTTP file path with a UNC file path can make it possible again to open .chm files from the Web page.
To use a UNC file path instead of an HTTP URL, follow these steps:
- Put the .chm files on a file share server that can be addressed by using a UNC file path.
A UNC file path looks similar to the following path:\\productmanuals\helpfiles
- Use the ItssRestrictions\UrlAllowList value to enable the systems in your intranet to access the .chm files from that file share.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:896054 You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
- Update the links on your intranet Web page to use UNC file paths in the URLs that link to the .chm files.
Note This method works only for pages that are served from the Intranet zone. This method does not work for pages that are served from the Internet zone.
Set up Web applications to download .chm files
On the Web page that links to .chm files, add instructions that advise the user to save the file instead of opening the file directly. For more information, see the "Resolution for end users" section.
You can also use the DownloadOptions <META> tag to remove the Open button from the File Download dialog box that appears after a user clicks a link to the .chm file. Put this tag inside the <head> tag of your HTML page. This usage is illustrated in the following example.
<head> <META name="DownloadOptions" content="noopen"> </head>
For more information, visit the following Microsoft Web site:
Note The use of the DownloadOptions <META> tag is supported only in Microsoft Windows XP with Service Pack 2 and in Windows Server 2003 with Service Pack 1.
MORE INFORMATION
Overview and examples for system administrators
For more information about security update 896358 and how you can re-enable Web applications that are affected by this update, click the following article number to view the article in the Microsoft Knowledge Base:
896358 MS05-026: Vulnerability in HTML Help could allow remote code execution
Internet Explorer
For more information about opening files by hyperlink in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
232077 Executing files by hyperlink and the File Download dialog box
For more information about how to use security zones in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
174360 How to use security zones in Internet Explorer
Technical support for x64-based versions of Microsoft Windows
On computers that are running x64-based versions of Microsoft Windows, you may have to adapt the instructions in the "Resolution" section about how to modify the registry. For example, you might have to modify a different part of the registry, depending on whether you want to modify the 32-bit or the 64-bit functionality. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
896459 Registry changes in Windows x64 Edition-based operating systems
Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.
For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:
For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:
Keywords: kbtshoot kbsecurity kbprb kbexpertiseadvanced kbexpertiseinter KB902225
