Update Available for the ImportExportFavorites Issue

ID: Q241362

The information in this article applies to:
  • Microsoft Internet Explorer version 5 for Windows 95
  • Microsoft Internet Explorer version 5 for Windows 98
  • Microsoft Internet Explorer version 5 for Windows NT 4.0
  • Microsoft Windows 98 Second Edition

SUMMARY

Microsoft has released an update to Internet Explorer 5 that addresses a potential security vulnerability with the ImportExportFavorites function in Internet Explorer 5.


MORE INFORMATION

Internet Explorer 5 includes a feature that you can use to export a list of your favorite Web sites to a file, or to import a file containing a list of favorite sites. The method that is used to perform this function (ImportExportFavorites) should allow only particular types of files to be written, and only to specific locations on the drive. However, a Web site can invoke this method, bypass this restriction, and write files that could be used to run system commands. The result is that a malicious Web site operator potentially could take any action on the computer that you could take.

For additional information about the ImportExportFavorites issue, click the article number below to view the article in the Microsoft Knowledge Base:

Q241438 Vulnerability in ImportExportFavorites
The update for the ImportExportFavorites issue eliminates this vulnerability that could allow a malicious Web site operator to take inappropriate actions on your computer.

The update for the ImportExportFavorites issue is included in the following updated file: 

   File Name        Size     Date      Time     Version
   -----------------------------------------------------------
   Shdocvw.dll    946,448    09/14/99  05:19p   5.00.2721.1400
NOTE: The updated Shdocvw.dll file also includes the fix to resolve the "Malformed Favorites Icon" issue. For additional information about the "Malformed Favorites Icon" issue, click the article number below to view the article in the Microsoft Knowledge Base:
Q231450 Update Available for the "Malformed Favorites Icon" Issue
To obtain the update for the ImportExportFavorites issue, download and install the appropriate Q241361.exe file for your computer from the following Microsoft Web site:
http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm
After you install the update for the ImportExportFavorites issue, "Q241362" is added to the Update Versions line when you click About Internet Explorer on the Help menu in Internet Explorer.

NOTE: The Q241361.exe file also contains the previously released updates to address the "Legacy ActiveX Control" issue and vulnerabilities in ActiveX controls issue. For additional information about these updates, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q231452 Update Available for "Legacy ActiveX Control" Issue
Q241361 Update Available for Unsafe ActiveX Controls
For additional information about the ImportExportFavorites issue, visit the Microsoft Security Bulletin Web page:
http://www.microsoft.com/security/bulletins/MS99-037.asp
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/

Additional query words:

Keywords : kbenv msiew95 msient msiew98 win98se
Version : WINDOWS:5
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 8, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.