Help and Support
 

powered byLive Search

Patch available for "Frame Domain Verification," "Unauthorized Cookie Access," "Malformed Component Attribute," and "WPAD Spoofing" vulnerabilities

Retired KB ArticleThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
View products that this article applies to.
Article ID:262509
Last Review:January 27, 2007
Revision:5.1
This article was previously published under Q262509
On This Page

SUMMARY

Microsoft released an Internet Explorer security update on May 18, 2000, that eliminates four security vulnerabilities in Internet Explorer 4.01 Service Pack 2 (SP2) and 5.01:
The "Frame Domain Verification" vulnerability, which could allow a malicious Web site operator to read, but not change or add, files on the computer of a visiting user.
The "Unauthorized Cookie Access" vulnerability, which could allow a malicious Web site operator to access cookies belonging to a visiting user.
The "Malformed Component Attribute" vulnerability, which could allow a malicious Web site operator to run code on the computer of a visiting user.
A new variant of the "WPAD Spoofing" vulnerability that was fixed in Internet Explorer 5.01 (for information about this vulnerability, visit the http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx (http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx) Web site).

Back to the top

MORE INFORMATION

For additional information about these vulnerabilities and the availability of a comprehensive update to eliminate them, please see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-033.mspx (http://www.microsoft.com/technet/security/bulletin/ms00-033.mspx)
Note This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this problem, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 will include all of the updates in this patch.

For more information about how to determine which version of Internet Explorer is installed, click the following article number to view the article in the Microsoft Knowledge Base:
164539 (http://support.microsoft.com/kb/164539/) How to determine which version of Internet Explorer is installed

Back to the top

Update information by product

After you install this patch, "q262509" is displayed on the Update Versions line when you click About Internet Explorer on the Help menu, and the following files are updated (depending on which version of Internet Explorer you are using).

Internet Explorer 4.01 SP2 for Windows 95 and Windows 98

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp (http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp)
http://windowsupdate.microsoft.com (http://windowsupdate.microsoft.com)
   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  373,520  5/15/2000  9:41:26 AM  4.72.3717.1500

Internet Explorer 4.01 SP2 for Windows NT 4.0 (Intel)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp (http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp)
http://windowsupdate.microsoft.com (http://windowsupdate.microsoft.com)
   File name    Size     Date       Time         Version
   ------------------------------------------------------------
   Wininet.dll  373,008  5/15/2000  11:13:34 AM  4.72.3717.1500

Internet Explorer 4.01 SP2 for Windows NT 4.0 (AXP)

Update File Name: Q262509.exe
Description: Internet Explorer Security Update, May 18th 2000
Availability:
http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp (http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp)
   File name    Size     Date       Time        Version
   -----------------------------------------------------------
   Wininet.dll  664,336  5/15/2000  7:40:10 AM  4.72.3717.1500

Windows 2000 (All Versions) and Internet Explorer 5.01 for Windows 95, Windows 98, Windows 98 Second Edition, and Windows NT 4.0

Update File Name: Q262509.exe
Description: Security Update, August 9, 2000
Availability:
http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp (http://www.microsoft.com/windows/ie/downloads/critical/patch11/default.asp)
http://windowsupdate.microsoft.com (http://windowsupdate.microsoft.com)
   File name    Size       Date       Time         Version
   --------------------------------------------------------------
   Mshtml.dll   2,352,400  5/11/2000   4:14:40 PM  5.00.3017.1000
   Shdocvw.dll  1,104,144  5/02/2000  12:24:36 PM  5.00.3015.2000
   Urlmon.dll     449,808  5/03/2000   2:12:56 PM  5.00.3017.3000
   Wininet.dll    460,560  5/12/2000  12:23:28 PM  5.00.3017.1200
Note This update has been revised since its original release to address a minor issue that causes Internet Explorer to display images incorrectly on some Web sites. Microsoft recommends that all users download this updated version.

Back to the top

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
258430 (http://support.microsoft.com/kb/258430/) Web site may retrieve cookies from your computer
251108 (http://support.microsoft.com/kb/251108/) Update available for the "Frame Domain Verification" issue
255676 (http://support.microsoft.com/kb/255676/) DocumentComplete on IFRAME may cause cross-domain security issues
261257 (http://support.microsoft.com/kb/261257/) Malformed component attribute issue in Internet Explorer
247333 (http://support.microsoft.com/kb/247333/) Web proxy auto-discovery "spoofing" may change proxy settings

Back to the top

APPLIES TO
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 4.01 Service Pack 1
Microsoft Internet Explorer 4.01 Service Pack 2
Microsoft Internet Explorer 4.0 128-Bit Edition

Back to the top

Keywords: 
kbinfo KB262509

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.