Article ID: 279881 - Last Review: July 24, 2007 - Revision: 4.2 Patch Available for New Variant of "Scriptlet Rendering" VulnerabilityThis article was previously published under Q279881 On This PageSUMMARY
Microsoft has released an update to Internet Explorer that addresses a potential security issue that could enable a malicious Web site operator to provide incorrect information that consists of script, solely for the purpose of introducing it into an Internet Explorer system file with a known name to use the OBJECT tag to render the file. The net effect would be to make the script run in the Local Computer zone, at which point it could obtain access to files on the user's local file system. As of 12/12/2000, this patch eliminates all known variants of this vulnerability.
Additional information about this issue is available from the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/ms00-093.mspx
(http://www.microsoft.com/technet/security/bulletin/ms00-093.mspx)
MORE INFORMATION
This issue is also described in the following Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/MS00-055.mspx
(http://www.microsoft.com/technet/security/bulletin/MS00-055.mspx)
Patch AvailabilityTo install the patch, view the following Microsoft Web site:http://www.microsoft.com/windows/ie/download/critical/279328.htm
(http://www.microsoft.com/windows/ie/download/critical/279328.htm)
NOTE: This update may not appear on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft.com Web site:
This update does not need to be installed on this system.
For additional information about how to determine which version of Internet Explorer is installed, click the article number below to view the article in the Microsoft Knowledge Base: 164539
(http://support.microsoft.com/kb/164539/EN-US/
)
How to Determine Which Version of Internet Explorer Is Installed
The Q279328.exe file contains the following files:
Internet Explorer 5.5 Service Pack 1: Date Time Version Size File name ---------------------------------------------------------------------- 11-13-00 2:06pm 5.50.4611.1300 2,681 Mshtml.dll 11-13-00 12:49pm 5.50.4611.1300 399 Mshtmled.dll 11-13-00 2:07pm 5.50.4611.1300 1,120 Shdocvw.dll Internet Explorer 5.5: Date Time Version Size File name ---------------------------------------------------------------------- 07-28-00 3:16pm 5.50.4207.2600 109 Asctrls.ocx Internet Explorer 5.01 Service Pack 1: Date Time Version Size File name ---------------------------------------------------------------------- 11-13-00 2:35pm 5.00.3211.1700 2,298 Mshtml.dll 11-03-00 3:22pm 5.00.3211.300 1,078 Shdocvw.dll 279330
(http://support.microsoft.com/kb/279330/EN-US/
)
Patch Available for New Variant of the Frame Domain Verification Vulnerability
279329
(http://support.microsoft.com/kb/279329/EN-US/
)
Patch Available for File Upload via Form Vulnerability
279328
(http://support.microsoft.com/kb/279328/EN-US/
)
Patch Available for Browser Print Template Vulnerability
APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Back to the top
|
