Article ID: 279328 - Last Review: July 24, 2007 - Revision: 3.2 Patch Available for "Browser Print Template" VulnerabilityThis article was previously published under Q279328 On This PageSUMMARY
Microsoft has released an update to Internet Explorer that addresses a potential security issue in which a Web-based program could invoke a custom print template without approval from the user. Additional information about this issue is available from the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/ms00-093.mspx
(http://www.microsoft.com/technet/security/bulletin/ms00-093.mspx)
MORE INFORMATION
Internet Explorer 5.5 includes a feature known as Print Templates, which provides the ability to customize how browser pages will look when they are previewed and printed. A vulnerability exists in the feature that would enable a Web-based program to invoke a custom print template without approval from the user. This poses a security hazard because print templates are, by design, trusted code and therefore able to execute ActiveX controls, even ones that are not marked as safe for scripting.
Patch AvailabilityInternet Explorer 5.5:To install the patch, view the following Microsoft Web site: http://www.microsoft.com/windows/ie/download/critical/279328.htm
(http://www.microsoft.com/windows/ie/download/critical/279328.htm)
Internet Explorer 5.01:To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 267954
(http://support.microsoft.com/kb/267954/EN-US/
)
How to Obtain the Latest Internet Explorer 5.01 Service Pack
For your convenience, the individual update is also available for download from the following Microsoft Web site:
http://www.microsoft.com/windows/ie/download/critical/279328.htm
(http://www.microsoft.com/windows/ie/download/critical/279328.htm)
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 5.01. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.Q279328.exe File Attributes: Internet Explorer 5.5 Service Pack 1: Date Time Version Size File name ------------------------------------------------------------------- 11-13-00 2:06pm 5.50.4611.1300 2,681 Mshtml.dll 11-13-00 12:49pm 5.50.4611.1300 399 Mshtmled.dll 11-13-00 2:07pm 5.50.4611.1300 1,120 Shdocvw.dll Internet Explorer 5.5: Date Time Version Size File name ------------------------------------------------------------------ 07-28-00 3:16pm 5.50.4207.2600 109 Asctrls.ocx Internet Explorer 5.01 Service Pack 1: Date Time Version Size File name ------------------------------------------------------------------ 11-13-00 2:35pm 5.00.3211.1700 2,298 Mshtml.dll 11-03-00 3:22pm 5.00.3211.300 1,078 Shdocvw.dll 279330
(http://support.microsoft.com/kb/279330/EN-US/
)
Patch Available for New Variant of the Frame Domain Verification Vulnerability
279329
(http://support.microsoft.com/kb/279329/EN-US/
)
Patch Available for File Upload Via Form Vulnerability
279881
(http://support.microsoft.com/kb/279881/EN-US/
)
Patch Available for New Variant of Scriptlet Rendering Vulnerability
APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
