Article ID: 321309 - Last Review: March 29, 2007 - Revision: 2.5

MS02-019: Security Vulnerabilities in Internet Explorer and Office for Mac Can Cause Code to Run

View products that this article applies to.
This article was previously published under Q321309

On This Page

Expand all | Collapse all

SYMPTOMS

Microsoft has released a patch to address two new security vulnerabilities in Internet Explorer for Macintosh.

The first vulnerability is an unchecked buffer that is associated with the handling of a particular HTML element. A security vulnerability results because an attacker can run a buffer-overrun attack that tries to exploit this flaw. A successful attack would have the result of causing the program to fail, or to cause code of the attacker's choice to run as if it were run under the user's permissions.

The second vulnerability is a flaw in how Internet Explorer for Macintosh handles certain HTML elements that run AppleScripts that are stored on the local computer. This flaw makes it possible for locally-stored AppleScripts to be started outside the typical security restrictions. A vulnerability results because it is possible for a malicious user to exploit this and cause AppleScripts to run without the user's consent. The AppleScripts would run as if they had been started by the user, and might take the same actions as any AppleScript that is legitimately started by the user.
Back to the top

RESOLUTION

Macintosh OS X

To resolve this problem, use the Software Update feature in Macintosh OS X version 10.1 to install the Internet Explorer 5.1 Security Update. Additional information about the Software Update feature is available at the following Apple Computer Web site:
http://support.apple.com/kb/HT1338?viewlocale=en_US (http://support.apple.com/kb/HT1338?viewlocale=en_US)
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Back to the top

All Other Products

Download the update from the following Microsoft Web site:
http://www.microsoft.com/mac/download (http://www.microsoft.com/mac/download)
NOTE: As of April 2002, an update is under development for Microsoft PowerPoint 98 for Macintosh. When this update is available, this article will be updated.
Back to the top

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.
Back to the top

MORE INFORMATION

http://www.microsoft.com/technet/security/bulletin/ms02-019.mspx (http://www.microsoft.com/technet/security/bulletin/ms02-019.mspx)
Back to the top
APPLIES TO
  • Microsoft Internet Explorer 5.0 for Macintosh
  • Microsoft Outlook Express 4.0 for Macintosh
  • Microsoft Word 2001 for Mac
  • Microsoft Excel X for Mac
  • Microsoft Excel 2001 for Mac
  • Microsoft PowerPoint 2001 for Mac
  • Microsoft PowerPoint 98 for Macintosh
  • Microsoft Windows CE Platform Builder 3.0
  • Microsoft Entourage X for Mac
  • Microsoft Outlook Express 5.02 for Macintosh
  • Microsoft Exchange Update for Entourage X (Office v. X 10.1.4 Update)
Back to the top
Keywords: 
kbbug kbenv kbfix kbsecurity KB321309
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers