Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Patch Available for "Browser Print Template" Vulnerability

Patch Available for "Browser Print Template" Vulnerability

View products that this article applies to.

This article was previously published under Q279328

↑ Back to the top

Summary

Microsoft has released an update to Internet Explorer that addresses a potential security issue in which a Web-based program could invoke a custom print template without approval from the user.

Additional information about this issue is available from the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-093.mspx

↑ Back to the top

More information

Internet Explorer 5.5 includes a feature known as Print Templates, which provides the ability to customize how browser pages will look when they are previewed and printed. A vulnerability exists in the feature that would enable a Web-based program to invoke a custom print template without approval from the user. This poses a security hazard because print templates are, by design, trusted code and therefore able to execute ActiveX controls, even ones that are not marked as safe for scripting.

Patch Availability

Internet Explorer 5.5:

To install the patch, view the following Microsoft Web site:
http://www.microsoft.com/windows/ie/download/critical/279328.htm
Internet Explorer 5.01:

To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
267954� How to Obtain the Latest Internet Explorer 5.01 Service Pack
For your convenience, the individual update is also available for download from the following Microsoft Web site:
http://www.microsoft.com/windows/ie/download/critical/279328.htm
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 5.01. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.

Q279328.exe File Attributes:

Internet Explorer 5.5 Service Pack 1:

Date        Time        Version           Size         File name
------------------------------------------------------------------- 
11-13-00    2:06pm      5.50.4611.1300    2,681        Mshtml.dll    
11-13-00    12:49pm     5.50.4611.1300    399          Mshtmled.dll
11-13-00    2:07pm      5.50.4611.1300    1,120        Shdocvw.dll

Internet Explorer 5.5:

Date        Time        Version           Size         File name
------------------------------------------------------------------ 
07-28-00    3:16pm      5.50.4207.2600    109          Asctrls.ocx 

Internet Explorer 5.01 Service Pack 1:

Date        Time        Version           Size         File name
------------------------------------------------------------------ 
11-13-00    2:35pm      5.00.3211.1700    2,298        Mshtml.dll    
11-03-00    3:22pm      5.00.3211.300     1,078        Shdocvw.dll
For additional information about other issues that are addressed by this update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
279330� Patch Available for New Variant of the Frame Domain Verification Vulnerability
279329� Patch Available for File Upload Via Form Vulnerability
279881� Patch Available for New Variant of Scriptlet Rendering Vulnerability

↑ Back to the top

Keywords: KB279328, kbprint, kbie550presp2fix, kbie501presp2fix, kbfix, kbfile, kbenv, kbbug

↑ Back to the top

Article Info
Article ID : 279328
Revision : 5
Created on : 7/24/2007
Published on : 7/24/2007
Exists online : False
Views : 412