JavaScript Redirect Vulnerability in Internet Explorer

Article translations Article translations
Article ID: 244233 - View products that this article applies to.
This article was previously published under Q244233
Expand all | Collapse all

On This Page

SYMPTOMS

Under certain circumstances, a malicious Web site operator could use a JavaScript redirect command to read files on a computer if the browser is redirected to a malicious Web site. Files can be read only if the name of the file, and the name of the folder in which the file is located, is known by the malicious operator. This vulnerability does not allow the malicious operator to list the contents of folders; create, modify, or delete files; or to gain administrative control of the computer.

RESOLUTION

For information about obtaining an update that corrects this issue, please see the following article in the Microsoft Knowledge Base:
244357 Update for 'Javascript Redirect' in Internet Explorer 5

WORKAROUND

To temporarily work around this issue, add trusted sites to the Trusted Sites zone and disable Active Scripting in the Internet zone.

Adding Sites to the Trusted Sites Zone

You can add Web sites that you explicitly trust not to take malicious action on your computer to the Trusted Sites zone. To add Web sites to the Trusted Sites zone:
  1. Click Start, point to Settings, click Control Panel, and then double-click Internet Options.

    If you are using Internet Explorer 4.x, double-click Internet in Control Panel.
  2. Click the Security tab, click Trusted Sites, click Sites, and then type the name of a Web site that you know can be trusted. For example, type: https://www.microsoft.com. Repeat this step for each Web site you want to add.

    NOTE: When you add sites to the Local Intranet or Trusted Sites zone, you can require that server verification be used by clicking to select the Require server verification (https:) for all sites in this zone check box.
  3. Click OK.
  4. Click OK.
For additional information about the security zones, click the article number below to view the article in the Microsoft Knowledge Base:
174360 How to Use Security Zones in Internet Explorer

Disable Active Scripting

To disable Active Scripting:
  1. Click Start, point to Settings, click Control Panel, and then double-click Internet Options.

    If you are using Internet Explorer 4.x, double-click Internet in Control Panel.
  2. Click the Security tab.
  3. Click the Internet zone, and then click Custom Level.

    If you are using Internet Explorer 4.x, click Internet Zone.
  4. In the Settings box, locate the Scripting section, and then click Disable under Active Scripting.
  5. Click OK.
  6. Click OK.

Properties

Article ID: 244233 - Last Review: January 25, 2007 - Revision: 3.1
APPLIES TO
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
Keywords: 
kbenv kbprb KB244233
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com