Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

After you install security update 867282 that is included with Security Bulletin MS05-014, Internet Explorer crashes when you copy images from Web sites that use the <input type=image> tag


View products that this article applies to.

Symptoms

After you install security update 867282 that is included with Microsoft Security Bulletin MS05-014, Microsoft Internet Explorer crashes when you copy images from Web sites that use the <input type=image> tag.

↑ Back to the top


Cause

A change was included in security update 867282 that helps to block a specific, potentially malicious scenario of dragging a Microsoft Excel spreadsheet that looks similar to an image to your desktop. The code that was changed to help block this scenario is used for drag-and-drop operations and for image copy operations. Because of the change, a logic error was introduced that can cause Internet Explorer to crash when you copy images from the <input type=image> tag.

↑ Back to the top


Resolution

To resolve this problem, install security update 890923 (MS05-020). For more information about security update 890923, click the following article number to view the article in the Microsoft Knowledge Base:
890923� MS05-020: Cumulative security update for Internet Explorer

↑ Back to the top


Workaround

Workaround for Web developers


If you have a site that uses the <input type=image> tag, you can do the following things to work around this issue:
  • To display an image, you can use the img element, for example <img src=�sample.gif�>, instead of using the input element with a type attribute that specifies an image.
  • To submit the coordinates of the image that the user clicked on, you can use the <img> element and an <onclick> handler to capture the coordinates and to submit them through the <input type=submit> control. For example, use the following code.
    <script>
    function ClickHandler(e)
    {
     document.all.form1.imgx.value = e.offsetX;
     document.all.form1.imgy.value = e.offsetY;
     document.all.form1.submit();
    }
    </script>
    <form action="form.asp" method="post" id=form1 name=form1>
    <input type=hidden name="imgobj.x" id=imgx value=0>
    <input type=hidden name="imgobj.y" id=imgy value=0>
    <img src=someimage.jpg onclick="ClickHandler(event);">
    </form>
We are working on a software update to resolve this issue. This update will be included in the next Internet Explorer security update.

Workaround for Web users

To work around this issue, follow these steps:
  1. Right-click the image that uses the <input type=image> tag, and then click Save Picture As to save the image file to the desktop.
  2. Click Start , click Run, type mspaint in the Open box, and then click OK.
  3. In Microsoft Paint, click Open on the File menu.
  4. Click to select the image file that you saved to the desktop, and then click Open.
  5. On the Edit menu, click Select All to select the image.
  6. On the Edit menu, click Copy.
You can now paste the image to other applications.

↑ Back to the top


References

For additional information about MS05-014, click the following article number to view the article in the Microsoft Knowledge Base:
867282� MS05-014: Cumulative security update for Internet Explorer

↑ Back to the top


Keywords: kbprb, kbcode, kbcodesnippet, kberrmsg, kbadmin, kbexpertiseinter, kbexpertiseadvanced, kbappdev, kbsecurity, kbtshoot, KB894926

↑ Back to the top

Article Info
Article ID : 894926
Revision : 11
Created on : 2/6/2007
Published on : 2/6/2007
Exists online : False
Views : 387