Article ID: 290108 - Last Review: January 31, 2007 - Revision: 4.4 Incorrect MIME Header Can Cause Internet Explorer to Run E-mail AttachmentThis article was previously published under Q290108 On This PageSYMPTOMS Because HTML e-mail messages are Web pages, Internet
Explorer can render them and open binary attachments in a way that is
appropriate to their MIME type. However, there is a flaw in the type of
processing that is specified for certain unusual MIME types. If a malicious
user creates an HTML e-mail message that contains an attachment that can be run
and then modifies the MIME header information to specify that the attachment is
one of the unusual MIME types that Internet Explorer handles incorrectly,
Internet Explorer may run the attachment automatically when it renders the
e-mail message. A malicious user could use this vulnerability in either of two scenarios:
This vulnerability cannot be exploited if file downloads have been disabled in the security zone in which the e-mail message is rendered. However, this is not a default setting in any security zone. RESOLUTION You can install the patches that are listed below only on
systems that run Internet Explorer 5.01 Service Pack 1 (SP1) or Internet
Explorer 5.5 Service Pack 1 (SP1). This fix is already included in Internet
Explorer 5.01 Service Pack 2.
For additional information about Internet
Explorer 5.01 Service Pack 2, click the article number below to view the
article in the Microsoft Knowledge Base: 267954
(http://support.microsoft.com/kb/267954/EN-US/
)
How to Obtain the Latest Internet Explorer 5.01 Service Pack
NOTE: If you try to install one of the patches that are listed below
on an unsupported version of Internet Explorer, you receive the following error
message: Microsoft Internet Explorer Update This update does not need to be installed on this system.
164539
(http://support.microsoft.com/kb/164539/EN-US/
)
How to Determine Which Version of Internet Explorer Is Installed
Patch for Internet Explorer 5.5To resolve this problem, obtain the latest service pack for Internet Explorer version 5.5. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:267954
(http://support.microsoft.com/kb/267954/EN-US/
)
How to Obtain the Latest Internet Explorer 5.5 Service Pack
For your convenience, the individual update is also
available: The following file is available for download from the Microsoft Download Center: Collapse this image  -or- Collapse this image 119591
(http://support.microsoft.com/kb/119591/EN-US/
)
How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The English version of this update should have the
following file attributes or later: Date Time Version Size File name ---------------------------------------------------------- 02/20/2001 04:36p 5.50.4614.2000 1,147,152 Shdocvw.dll Patch for Internet Explorer 5.01To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:267954
(http://support.microsoft.com/kb/267954/EN-US/
)
How to Obtain the Latest Internet Explorer 5.01 Service Pack
For your convenience, the individual update is also
available for downloading.
The following file
is available for download from the Microsoft Download
Center:Collapse this image -or- Collapse this image For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base: 119591
(http://support.microsoft.com/kb/119591/EN-US/
)
How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The English version of this update should have the
following file attributes or later: Date Time Version Size File name --------------------------------------------------------- 02/20/2001 02:52p 5.0.3214.2000 1,103,632 Shdocvw.dll STATUSInternet Explorer 5.5Microsoft has confirmed that this is a problem in Internet Explorer 5.5. This problem was first corrected in Internet Explorer version 5.5 Service Pack 2.Internet Explorer 5.01Microsoft has confirmed that this is a problem in Internet Explorer 5.01. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.MORE INFORMATION For more information, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms01-020.mspx
(http://www.microsoft.com/technet/security/bulletin/ms01-020.mspx)
APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
