Article ID: 279330 - Last Review: March 29, 2007 - Revision: 4.3 Patch Available for New Variant of the "Frame Domain Verification" VulnerabilityThis article was previously published under Q279330 On This PageSUMMARY Microsoft has released an update to Internet Explorer that
addresses a potential security issue that would enable a malicious Web site
operator to open two frames, one in his or her domain and another on the user's
local file system, and enables the malicious Web site operator to pass
information from the user's computer to his or her domain. Additional information about this issue is available from the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/MS00-093.mspx
(http://www.microsoft.com/technet/security/bulletin/MS00-093.mspx)
MORE INFORMATION This issue is also described in the following Microsoft
Security Bulletins: http://www.microsoft.com/technet/security/bulletin/MS00-033.mspx
(http://www.microsoft.com/technet/security/bulletin/MS00-033.mspx)
http://www.microsoft.com/technet/security/bulletin/MS00-055.mspx
(http://www.microsoft.com/technet/security/bulletin/MS00-055.mspx)
Several functions do not enforce proper separation of frames in
the same window that reside in different domains. The new variant involves an
additional function with the same flaw. As of 12/12/2000, this patch eliminates
all known variants of this vulnerability. Patch AvailabilityTo install the patch, view the following Microsoft Web site:http://www.microsoft.com/windows/ie/download/critical/279328.htm
(http://www.microsoft.com/windows/ie/download/critical/279328.htm)
NOTE: This update may not appear on the Microsoft Windows Update Web
site, or you may receive the following message when you are installing this
update from the Microsoft.com Web site: This update does
not need to be installed on this system. For additional information about how to determine the version of Internet Explorer you are using, click the article number below to view the article in the Microsoft Knowledge Base: 164539
(http://support.microsoft.com/kb/164539/EN-US/
)
How to Determine Which Version of Internet Explorer Is Installed
The Q279328.exe file contains the following files: Internet Explorer 5.5 Service Pack 1: Date Time Version Size File name ------------------------------------------------------------------- 11-13-00 2:06pm 5.50.4611.1300 2,681 Mshtml.dll 11-13-00 12:49pm 5.50.4611.1300 399 Mshtmled.dll 11-13-00 2:07pm 5.50.4611.1300 1,120 Shdocvw.dll Internet Explorer 5.5: Date Time Version Size File name ------------------------------------------------------------------ 07-28-00 3:16pm 5.50.4207.2600 109 Asctrls.ocx Internet Explorer 5.01 Service Pack 1: Date Time Version Size File name ------------------------------------------------------------------ 11-13-00 2:35pm 5.00.3211.1700 2,298 Mshtml.dll 11-03-00 3:22pm 5.00.3211.300 1,078 Shdocvw.dll 279881
(http://support.microsoft.com/kb/279881/EN-US/
)
Patch Available for New Variant of Scriptlet Rendering Vulnerability
279329
(http://support.microsoft.com/kb/279329/EN-US/
)
Patch Available for File Upload via Form Vulnerability
279328
(http://support.microsoft.com/kb/279328/EN-US/
)
Patch Available for Browser Print Template Vulnerability
For additional
information about the latest service pack for Windows 2000, click the article
number below to view the article in the Microsoft Knowledge Base: 260910
(http://support.microsoft.com/kb/260910/EN-US/
)
How to Obtain the Latest Windows 2000 Service Pack
APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
