|
|
| |
| Microsoft has released a single patch that eliminates two security vulnerabilities in Microsoft Internet Explorer 4 and 5. The first can cause arbitrary code to run and the second causes local files to be read. A fully supported patch is available that eliminates both vulnerabilities. |
| |
Credit:
The patch can be downloaded at:
http://www.microsoft.com/windows/ie/security/favorites.asp
For more information related to this issue, read Microsoft's Security Bulletin MS99-018: http://www.microsoft.com/security/bulletins/ms99-018.asp
Two Knowledge base articles are available on this subject.
Q231450: http://support.microsoft.com/support/kb/articles/q231/4/50.asp.
Q231452: http://support.microsoft.com/support/kb/articles/q231/4/52.asp
|
| |
This update eliminates two vulnerabilities:
- The "Malformed Favorites Icon" vulnerability. The Favorites feature allows IE users to keep a list of their favorite web sites. In IE 5, the Favorites list can contain icons that are supplied by the associated web sites. However, there is an unchecked buffer in the implementation. A malformed icon can cause a buffer overrun and can potentially be used to run arbitrary code on the user's computer. This vulnerability only affects IE 5 when run on Windows 95 or 98; it does not affect Windows NT.
- The "Legacy ActiveX Control" vulnerability. An ActiveX control that was used by previous versions of IE also was included in IE 4 and IE 5 even though it is not used by either. It could be misused to allow a web site to read the user's local hard drive. The update eliminates the vulnerability by removing the control.
|
|
|
|
|
|
|
|
