Help and Support
 

powered byLive Search

Update for "Javascript Redirect" Vulnerability in Internet Explorer 5

Retired KB ArticleThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
View products that this article applies to.
Article ID:244357
Last Review:August 23, 2007
Revision:2.5
This article was previously published under Q244357

SYMPTOMS

Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites:
http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx (http://www.microsoft.com/windows/ie/community/columns/securityupgrade.mspx)
http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx (http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx)
Updates are available for the following products:
Microsoft Internet Explorer 5.0 for Windows 95
Microsoft Internet Explorer 5.0 for Windows NT 4.0 (Alpha and x86)
Microsoft Windows 98
Microsoft Windows 98 Second Edition

Back to the top

RESOLUTION

To obtain this update, download and install the appropriate Q244357.exe file for your computer from the Microsoft site listed below. To navigate to Q244357.exe file, click the link below, and then click Next twice:
http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm (http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm)
The English-language version of this fix should have the following file attributes or later:
   File name           Size                Date      Version
   ----------------------------------------------------------------
   Urlmon.dll          442,640 (x86)       10-25-99   5.0.2722.2500
   Urlmon.dll          719,120 (alpha)     10-25-99   5.0.2722.2500


Note that if you try to install this update on any version of Internet Explorer other than Internet Explorer 5, you receive a message that says "This update does not need to be installed on this system" when in fact the computer may be vulnerable. For additional information about Internet Explorer 4.01, click the article number below to view the article in the Microsoft Knowledge Base:
244356 (http://support.microsoft.com/kb/244356/EN-US/) Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01

Back to the top

STATUS

This issue is fixed in Internet Explorer 5.01.

Back to the top

APPLIES TO
Microsoft Internet Explorer 5.0

Back to the top

Keywords: 
kbprb KB244357

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.