Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Update Available for Window.External JScript Security Issue

Update Available for Window.External JScript Security Issue

View products that this article applies to.

This article was previously published under Q191200

↑ Back to the top

Summary

Microsoft has made an update available to Microsoft Scripting Engines version 3.1 that addresses an issue regarding the way Internet Explorer handles very long strings with the Window.External JScript function. Additional information about this issue is available on the following Microsoft Web sites:
http://www.microsoft.com/technet/security/bulletin/ms98-011.mspx
Updates are available for the following products:
  • Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows 95 and Windows NT 4.0
  • Microsoft Windows 98
Internet Explorer 4.0 and 4.01 for Windows 3.1, Windows NT 3.51, Macintosh, and UNIX on Sun Solaris are not affected by this problem. Internet Explorer version 3.x is also not affected.

This issue can cause Internet Explorer to quit unexpectedly when you view a Web page that contains a script written in JScript that uses the Window.External function with a very long string. It is difficult but possible for an individual to cause malicious code to be run on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.

↑ Back to the top

More information

This update installs the files listed below.

Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows 95 and Windows NT 4.0 on Intel x86 platforms:

NOTE: The fix for this issue is included in Service Pack 2. 
   Update file name:  Scr31en.exe
Available at:
http://www.microsoft.com/windows/ie/security/default.mspx
   Updated file name    Size (bytes)   Date       Version
   ---------------------------------------------------------
   Jscript.dll          484,624        7-2-98     3.1.0.3101
   Vbscript.dll         335,120        7-2-98     3.1.0.3101
   Dispex.dll            53,520        7-2-98     3.1.0.3101
   Scrrun.dll           172.816        7-2-98     3.1.0.3101


Microsoft Internet Explorer 4.0, 4.01, and 4.01 Service Pack 1 for Windows NT 4.0 on Alpha platforms: 

   Update file name:  Scr31en.exe


Available at:
http://www.microsoft.com/windows/ie/security/default.mspx
   Updated file name    Size (bytes)   Date       Version
   ---------------------------------------------------------
   Jscript.dll          811,844        7-2-98     3.1.0.3101
   Vbscript.dll         595,269        7-2-98     3.1.0.3101
   Dispex.dll           120,643        7-2-98     3.1.0.3101
   Scrrun.dll           265,027        7-2-98     3.1.0.3101


Windows 98: 


   Update file name:  Scr31en.exe


Available at: Microsoft Windows Update Web site
http://windowsupdate.microsoft.com
   Updated file name    Size (bytes)   Date       Version
   ---------------------------------------------------------
   Jscript.dll          484,624        7-2-98     3.1.0.3101
   Vbscript.dll         335,120        7-2-98     3.1.0.3101
   Dispex.dll            53,520        7-2-98     3,1,0,3101
   Scrrun.dll           172.816        7-2-98     3.1.0.3101


NOTE: Version 4.0 (included with Microsoft Visual Studio 6.0) or 5.0 (Beta version available for download) of the Microsoft Scripting Engines are not affected by this problem. If you attempt to install this update over version 4.x or 5.x of the Scripting Engines, you receive the following version conflict messages for each of the four files listed above:

NOTE: You should click Yes (keep your existing file) in Windows 95/98 and No (do not overwrite the newer file) in Windows NT.

For Windows 95/98: 

   Version Conflict
   A file being copied is older than the file currently on your
   computer. It is recommended that you keep your existing file.
				


   Filename: <filename>
   Description: <description>
   Your version: x.x.x.xxxx.
				


   Do you want to keep this file?


For Windows NT: 

   Confirm File Replace
   Source: <path>
   Target: <path>
				


   The target file exists and is newer than the source. Overwrite the
   newer file?


Reducing Your Risk If You Cannot Apply the Patch



If you are unable to apply the patch, you can reduce your risk of being affected by this problem by disabling Active Scripting in Internet Explorer. To do this, follow these steps:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Internet, and then click the Security tab.
  3. In the Zone box, click Internet Zone.
  4. Click Custom (For Expert Users), and then click Settings.
  5. Under Scripting, click Disable in the Active Scripting section.
  6. Click OK.
  7. In the Zone box, click Restricted Sites Zone.
  8. Repeat steps 4-6.
  9. Click OK.

↑ Back to the top

Keywords: kbinfo, KB191200

↑ Back to the top

Article Info
Article ID : 191200
Revision : 6
Created on : 8/8/2007
Published on : 8/8/2007
Exists online : False
Views : 537