MS02-015: Update Available for Script Execution Vulnerability in Internet Explorer

Article translations Article translations
Article ID: 319236 - View products that this article applies to.
This article was previously published under Q319236
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SYMPTOMS

A script that is embedded in a cookie could be run in the wrong zone. This elevation-of-privilege vulnerability exists in the zone-determination policy function in Internet Explorer. Specifically, the script could run in the My Computer zone.

Internet Explorer zone security is a system that you can use to divide online content into categories, or zones. You can assign specific Web sites to each zone, depending on how much you trust the content of each site. Internet Explorer includes predefined security zones for the Local Intranet zone, the Trusted Sites zone, the Internet zone, and the Restricted Sites zone. In addition, the My Computer zone includes everything on the client computer, which is typically the contents of the hard disk and removable-media drives.

CAUSE

This vulnerability occurs because the function that performs zone-determination policy does not correctly assign the script that is embedded in a cookie to run in the Internet zone.

RESOLUTION

Internet Explorer 6

To resolve this problem, obtain the latest service pack for Internet Explorer 6. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328548 How to Obtain the Latest Internet Explorer 6 Service Pack
The update for this problem is included in the "March 28, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
319182 MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 2

The update for this problem is included in the "March 28, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
319182 MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 1

The update for this problem is included in the "March 28, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
319182 MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer

STATUS

Internet Explorer 6

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 6. This problem was first corrected in Internet Explorer 6 Service Pack 1.

Internet Explorer 5.5

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 5.5.

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms02-015.mspx

Properties

Article ID: 319236 - Last Review: February 27, 2014 - Revision: 3.11
APPLIES TO
  • Microsoft Internet Explorer 5.5 Service Pack 1
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 5.5 Service Pack 1
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 5.5 Service Pack 1
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 5.5 Service Pack 1
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5 Service Pack 1
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
    • Microsoft Windows NT Server 4.0 Standard Edition
    • Microsoft Windows NT Server 4.0, Terminal Server Edition
    • Microsoft Windows NT Workstation 4.0 Developer Edition
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbie550presp3fix kbie600presp1fix kbsecbulletin kbsechack kbsecurity kbsecvulnerability kbie600sp1fix KB319236

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com