Article ID: 226325 - Last Review: August 23, 2007 - Revision: 4.2

Update Available for MSHTML Security Issues in Internet Explorer

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q226325

On This Page

Expand all | Collapse all

SUMMARY

An updated version of the "IFRAME ExecCommand" Vulnerability update was posted on November 4, 1999. This update also fixes the MSHTML issues in Microsoft Internet Explorer 5 previously documented in this article as well as the MSHTML issue documented in the following article in the Microsoft Knowledge Base:

NOTE: This problem is resolved in Microsoft Internet Explorer 5.01.
242542  (http://support.microsoft.com/kb/242542/EN-US/ ) Download Behavior Vulnerability in Internet Explorer 5
For additional information about this issue, please see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS99-040.mspx (http://www.microsoft.com/technet/security/bulletin/MS99-040.mspx)
For additional information about the IFRAME ExecCommand" vulnerability, please see the following article in the Microsoft Knowledge Base:
243638  (http://support.microsoft.com/kb/243638/EN-US/ ) Update Available for IFRAME ExecCommand Vulnerability in Internet Explorer 5
Additional information about this issue is available from the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS99-042.mspx (http://www.microsoft.com/technet/security/bulletin/MS99-042.mspx)
On April 21, 1999, Microsoft released an update to Internet Explorer 4.x and 5 that addresses multiple security vulnerabilities in Internet Explorer's parsing engine, Mshtml.dll. Additional information about these issues is available from the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS99-012.mspx (http://www.microsoft.com/technet/security/bulletin/MS99-012.mspx)
Updates are available for the following products:
  • Microsoft Internet Explorer 4.0, 4.01 for Windows 95 and Windows NT 4.0 (x86 and Alpha)
  • Microsoft Windows 98 Internet Explorer 4.01 SP1/SP2)
This update addresses the following three vulnerabilities in Internet Explorer 4.x:
  • The IMG SRC tag can point to items other than images, allowing someone to obtain access to information about local files through Internet Explorer's object model.
  • A new variant of the "cross-frame" vulnerability that was previously addressed. For additional information about this issue, please see the following article(s) in the Microsoft Knowledge Base:
    168485  (http://support.microsoft.com/kb/168485/EN-US/ ) Update Available for Cross-Frame Security Issue
  • A new variant of the previously-addressed "untrusted scripted paste" vulnerability. For additional information about this issue, please see the following article(s) in the Microsoft Knowledge Base:
    169245  (http://support.microsoft.com/kb/169245/EN-US/ ) Update Available for "Untrusted Scripted Paste" Issue
Additionally, This update also fixes the "Untrusted Scripted Paste", "Cross Frame Navigate", and "Frame Spoof" security issues in Microsoft Internet Explorer running on Windows operating systems. For additional information about these issues, please see the following article(s) in the Microsoft Knowledge Base:
169245  (http://support.microsoft.com/kb/169245/EN-US/ ) Update Available for "Untrusted Scripted Paste" Issue
168485  (http://support.microsoft.com/kb/168485/EN-US/ ) Update Available for Cross-Frame Security Issue
167614  (http://support.microsoft.com/kb/167614/EN-US/ ) Update Available For "Frame Spoof" Security Issue
Back to the top

MORE INFORMATION

Microsoft Internet Explorer 4.0, 4.01, and 4.01 with Service Pack 1 or 2 for Windows 95

Update File Name: mshtml4.exe
Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll2,422,5444-13-994.72.3616.1301
Mshtmlwb.dll55,8724-14-994.72.3616.1400
Back to the top

Microsoft Internet Explorer 4.0, 4.01, and 4.01 with Service Pack 1 or 2 for Windows NT 4.0 (x86)

Update File Name: mshtml4.exe
Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll2,422,5444-13-994.72.3616.1301
Mshtmlwb.dll55,8724-14-994.72.3616.1400
Back to the top

Microsoft Internet Explorer 4.0, 4.01, and 4.01 with Service Pack 1 or 2 for Windows NT 4.0 (Alpha)

Update File Name: mshtml4ax.exe
Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll3,951,8884-14-994.72.3616.1400
Mshtmlwb.dll113,4244-15-994.72.3616.1400
Back to the top

Windows 98 (Internet Explorer 4.01 SP1/SP2)

Update File Name: mshtml4.exe

Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll2,422,5444-13-994.72.3616.1301
Mshtmlwb.dll55,8724-14-994.72.3616.1400
Back to the top

Microsoft Internet Explorer 5 for Windows 95, Windows 98, or Windows NT 4.0 (x86)

Update File Name: Mshtml5.exe
Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll2,359,5684-14-995.00.2614.3401
Back to the top

Microsoft Internet Explorer 5 for Windows NT 4.0 (Alpha)

Update File Name: Mshtml5ax.exe
Collapse this tableExpand this table
Updated File NameSize (bytes)DateVersion
Mshtml.dll4,982,5444-14-995.00.2614.3401
Back to the top
APPLIES TO
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
Back to the top
Keywords: 
kbfile kbinfo KB226325
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers