Article ID: 244356 - Last Review: August 23, 2007 - Revision: 3.3

Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01

View products that this article applies to.

This article was previously published under Q244356

SYMPTOMS

Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites:

http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx (http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx)
http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx (http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx)

Updates are available for the following products:

Microsoft Internet Explorer 4.01 SP2 for Windows 95
Microsoft Internet Explorer 4.01 SP2 for Windows NT 4.0 (Alpha and x86)
Microsoft Windows 98

Back to the top

RESOLUTION

To obtain this update, download and install the appropriate Q244356.exe file for your computer from Microsoft site link below. This link navigates you to the 4.01 fix (Q244356) after you select the proper platform from the drop down dialog.

http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm (http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm)

The English-language version of this fix should have the following file attributes or later:

Internet Explorer 4.01 Service Pack 2
   File name           Size                Date       Version
   ----------------------------------------------------------------
   Urlm95.dll          449,808 (x86)       10-25-99   4.72.3710.2500
   Urlmnt.dll          490,256 (x86)       10-25-99   4.72.3710.2500
   Urlmon.dll          830,736 (alpha)     10-25-99   4.72.3710.2500

Note that the Urlm95.dll and Urlmnt.dll files are renamed to Urlmon.dll when they are installed to their respective Windows 95 or Windows NT platform.

Back to the top

MORE INFORMATION

After you install this update "Q244356" is added to the Update Versions line when you click About Internet Explorer on the Help menu in Internet Explorer.
For additional information about the update for Internet Explorer 5, click the article number below to view the article in the Microsoft Knowledge Base:

244357 (http://support.microsoft.com/kb/244357/EN-US/ ) Update for "Javascript Redirect" Vulnerability in Internet Explorer 5

Back to the top

APPLIES TO

Microsoft Internet Explorer 4.01 Service Pack 2

Back to the top

kbprb KB244356

Back to the top

Retired KB Content Disclaimer

This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Back to the top