Update for "Javascript Redirect" Vulnerability in Internet Explorer 5

• Microsoft Internet Explorer version 5 for Windows 98
• Microsoft Internet Explorer version 5 for Windows 95
• Microsoft Internet Explorer version 5 for Windows NT 4.0

SYMPTOMS

Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites:

• http://www.microsoft.com/windows/ie/security/default.asp
• http://www.microsoft.com/security/bulletins/ms99-043.asp

• Microsoft Internet Explorer 5.0 for Windows 95
• Microsoft Internet Explorer 5.0 for Windows NT 4.0 (Alpha and x86)
• Microsoft Windows 98
• Microsoft Windows 98 Second Edition

RESOLUTION

To obtain this update, download and install the appropriate Q244357.exe file for your computer from the following Microsoft site:

• http://www.microsoft.com/windows/ie/security/jsredir.htm



• http://www.microsoft.com/msdownload/iebuild/jsredir/en/jsredir.htm

   File name           Size                Date      Version
   ----------------------------------------------------------------
   Urlmon.dll          442,640 (x86)       10-25-99   5.0.2722.2500
   Urlmon.dll          719,120 (alpha)     10-25-99   5.0.2722.2500 

Q244356 Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01

STATUS

This issue is fixed in Internet Explorer 5.01.

Additional query words:

Keywords : kbtool msiew95 msient msiew98
Version : WINDOWS:5
Platform : WINDOWS
Issue type : kbprb