Article ID: 251108 - Last Review: January 27, 2007 - Revision: 4.1

Update Available for the "Frame Domain Verification" Issue

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q251108

On March 6, 2001 Microsoft released information regarding a new variant of this vulnerability. For information on the variant and where to download the patch, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS01-015.mspx (http://www.microsoft.com/technet/security/bulletin/MS01-015.mspx)
Expand all | Collapse all

SUMMARY

Microsoft has released an update to Internet Explorer that addresses a potential security issue where a malicious web site operator could view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file, and could only view file types that can be opened in a browser window.

Additional information about this issue is available from the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-033.mspx (http://www.microsoft.com/technet/security/bulletin/ms00-033.mspx)
For additional information about the latest service pack for Internet Explorer 5.01, click the article number below to view the article in the Microsoft Knowledge Base:
267954  (http://support.microsoft.com/kb/267954/EN-US/ ) How to Obtain the Latest Internet Explorer 5.01 Service Pack

MORE INFORMATION

When a web server opens a frame within a window, the Internet Explorer security model should only allow the parent window to access the data in the frame if they are in the same domain. However, two functions available in Internet Explorer do not properly perform domain checking, with the result that the parent window could open a frame that contains a file on the local computer, then read it. This could allow a malicious web site operator to view files on the computer of a visiting user.

For additional information about resolving this problem, click the article number below to view the article in the Microsoft Knowledge Base:
262509  (http://support.microsoft.com/kb/262509/EN-US/ ) Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", "Malformed Component Attribute", and "WPAD Spoofing" Vulnerabilities
APPLIES TO
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
Back to the top
Keywords: 
kbbug KB251108
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers