Patch available for "Frame Domain Verification," "Unauthorized Cookie Access," "Malformed Component Attribute," and "WPAD Spoofing" vulnerabilities

Article ID: 262509
This article was previously published under Q262509

SUMMARY

Microsoft released an Internet Explorer security update on May 18, 2000, that eliminates four security vulnerabilities in Internet Explorer 4.01 Service Pack 2 (SP2) and 5.01:
  • The "Frame Domain Verification" vulnerability, which could allow a malicious Web site operator to read, but not change or add, files on the computer of a visiting user.
  • The "Unauthorized Cookie Access" vulnerability, which could allow a malicious Web site operator to access cookies belonging to a visiting user.
  • The "Malformed Component Attribute" vulnerability, which could allow a malicious Web site operator to run code on the computer of a visiting user.
  • A new variant of the "WPAD Spoofing" vulnerability that was fixed in Internet Explorer 5.01 (for information about this vulnerability, visit the http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx Web site).

MORE INFORMATION

For additional information about these vulnerabilities and the availability of a comprehensive update to eliminate them, please see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-033.mspx
Note This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this problem, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 will include all of the updates in this patch.

For more information about how to determine which version of Internet Explorer is installed, click the following article number to view the article in the Microsoft Knowledge Base:
164539 How to determine which version of Internet Explorer is installed

Update information by product

After you install this patch, "q262509" is displayed on the Update Versions line when you click About Internet Explorer on the Help menu, and the following files are updated (depending on which version of Internet Explorer you are using).

Internet Explorer 4.01 SP2 for Windows 95 and Windows 98

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  373,520  5/15/2000  9:41:26 AM  4.72.3717.1500 

Internet Explorer 4.01 SP2 for Windows NT 4.0 (Intel)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
   File name    Size     Date       Time         Version
   ------------------------------------------------------------
   Wininet.dll  373,008  5/15/2000  11:13:34 AM  4.72.3717.1500 

Internet Explorer 4.01 SP2 for Windows NT 4.0 (AXP)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  664,336  5/15/2000  7:40:10 AM  4.72.3717.1500

Windows 2000 (All Versions) and Internet Explorer 5.01 for Windows 95, Windows 98, Windows 98 Second Edition, and Windows NT 4.0

Update File Name: Q262509.exe
Description: Security Update, August 9, 2000
Availability:
   File name    Size       Date       Time         Version
   --------------------------------------------------------------
   Mshtml.dll   2,352,400  5/11/2000   4:14:40 PM  5.00.3017.1000
   Shdocvw.dll  1,104,144  5/02/2000  12:24:36 PM  5.00.3015.2000
   Urlmon.dll     449,808  5/03/2000   2:12:56 PM  5.00.3017.3000
   Wininet.dll    460,560  5/12/2000  12:23:28 PM  5.00.3017.1200 
				
Note This update has been revised since its original release to address a minor issue that causes Internet Explorer to display images incorrectly on some Web sites. Microsoft recommends that all users download this updated version.
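
The file tables above can serve as an audit baseline. The following Python code is an added example, not part of the original article or Microsoft's tooling: it compares collected file versions field by field against the versions listed above. The product keys, host names and inventory rows are constructed, and treating an equal or higher version as patched is an assumption.

```python
# Added example: baseline versions come from the tables above; inventory rows are constructed.
BASELINE = {
    "ie401sp2": {"wininet.dll": "4.72.3717.1500"},
    "ie501": {
        "mshtml.dll": "5.00.3017.1000",
        "shdocvw.dll": "5.00.3015.2000",
        "urlmon.dll": "5.00.3017.3000",
        "wininet.dll": "5.00.3017.1200",
    },
}

def parse_version(text):
    """Turn '5.00.3017.1200' into (5, 0, 3017, 1200) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(product, found):
    """Return {file: reason} for each baseline file that is missing or older.

    Assumption: a version equal to or higher than the table's carries the fix.
    """
    observed = {name.lower(): ver for name, ver in found.items()}  # file names are case-insensitive
    problems = {}
    for name, wanted in BASELINE[product].items():
        have = observed.get(name)
        if have is None:
            problems[name] = "missing"
        elif parse_version(have) < parse_version(wanted):
            problems[name] = f"{have} < {wanted}"
    return problems

# Constructed inventory: hypothetical host -> (product key, {file: reported version}).
INVENTORY = {
    "host-a": ("ie501", {"Mshtml.dll": "5.00.3017.1000", "Shdocvw.dll": "5.00.3015.2000",
                         "Urlmon.dll": "5.00.3017.3000", "Wininet.dll": "5.00.3017.1200"}),
    # A plain string comparison would rank "900" above "3000" and miss this host.
    "host-b": ("ie501", {"MSHTML.DLL": "5.00.3017.1000", "SHDOCVW.DLL": "5.00.3015.2000",
                         "URLMON.DLL": "5.00.3017.900", "WININET.DLL": "5.00.3017.1200"}),
    "host-c": ("ie401sp2", {}),
}

def audit_all(inventory):
    """Audit every host; an empty dict means all baseline files are current."""
    return {host: audit(product, files) for host, (product, files) in inventory.items()}

if __name__ == "__main__":
    for host, problems in audit_all(INVENTORY).items():
        print(host, problems or "OK")
```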

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
258430 Web site may retrieve cookies from your computer
251108 Update available for the "Frame Domain Verification" issue
255676 DocumentComplete on IFRAME may cause cross-domain security issues
261257 Malformed component attribute issue in Internet Explorer
247333 Web proxy auto-discovery "spoofing" may change proxy settings

Properties

Article ID: 262509 - Last Review: February 3, 2011 - Revision: 5.2
Keywords: 
kbinfo KB262509
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
