Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Patch Available for New Variant of "Scriptlet Rendering" Vulnerability


View products that this article applies to.

This article was previously published under Q279881

↑ Back to the top


Summary

Microsoft has released an update to Internet Explorer that addresses a potential security issue that could enable a malicious Web site operator to provide incorrect information that consists of script, solely for the purpose of introducing it into an Internet Explorer system file with a known name to use the OBJECT tag to render the file. The net effect would be to make the script run in the Local Computer zone, at which point it could obtain access to files on the user's local file system. As of 12/12/2000, this patch eliminates all known variants of this vulnerability.

Additional information about this issue is available from the following Microsoft Web site:

↑ Back to the top


More information

This issue is also described in the following Microsoft Security Bulletin:

Patch Availability

To install the patch, view the following Microsoft Web site: NOTE: This update may not appear on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft.com Web site:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 5.01 Service Pack 1 (SP1), 5.5 and 5.5 SP1. Internet Explorer versions 5 and 5.01 are also vulnerable to this problem. If your browser is a version of Internet Explorer (5 or later) other than 5.01 SP1, 5.5 or 5.5 SP1, your computer is still vulnerable. Microsoft recommends that you upgrade to the latest version of Internet Explorer and then install this patch.

For additional information about how to determine which version of Internet Explorer is installed, click the article number below to view the article in the Microsoft Knowledge Base:
164539� How to Determine Which Version of Internet Explorer Is Installed
The Q279328.exe file contains the following files:
Internet Explorer 5.5 Service Pack 1:

Date        Time        Version           Size         File name
---------------------------------------------------------------------- 
11-13-00    2:06pm      5.50.4611.1300    2,681        Mshtml.dll    
11-13-00    12:49pm     5.50.4611.1300    399          Mshtmled.dll
11-13-00    2:07pm      5.50.4611.1300    1,120        Shdocvw.dll

Internet Explorer 5.5:

Date        Time        Version           Size         File name
---------------------------------------------------------------------- 
07-28-00    3:16pm      5.50.4207.2600    109          Asctrls.ocx 

Internet Explorer 5.01 Service Pack 1:

Date        Time        Version           Size         File name
---------------------------------------------------------------------- 
11-13-00    2:35pm      5.00.3211.1700    2,298        Mshtml.dll    
11-03-00    3:22pm      5.00.3211.300     1,078        Shdocvw.dll   

				
For additional information about other issues that are addressed by this update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
279330� Patch Available for New Variant of the Frame Domain Verification Vulnerability
279329� Patch Available for File Upload via Form Vulnerability
279328� Patch Available for Browser Print Template Vulnerability

↑ Back to the top


Keywords: KB279881, kbinfo, kbfile

↑ Back to the top

Article Info
Article ID : 279881
Revision : 6
Created on : 7/24/2007
Published on : 7/24/2007
Exists online : False
Views : 503