Update Available for "Server-Side Page Reference Redirect" Vulnerability

ID: Q246094

The information in this article applies to:
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5, 5.01 for Windows NT 4.0
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5 for Windows 95
  • Microsoft Internet Explorer versions 4.01 Service Pack 2, 5, 5.01 for Windows 98
  • Microsoft Internet Explorer version 5.01 for Windows 98 Second Edition

SUMMARY

Microsoft has released a patch that eliminates a vulnerability in Microsoft Internet Explorer 4 and 5 that may allow a malicious Web site operator to view a file on the computer of a visiting user, provided that the Web site operator knows the name of the file and folder.

Additional information about this vulnerability is available at:

Updates are available for the following products:
  • Internet Explorer 4.01 SP2 for Microsoft Windows 95 and Microsoft Windows NT 4.0 (x86 and Alpha)


  • Microsoft Windows 98


  • Internet Explorer 5 and 5.01 for Windows 95, Windows 98, and Windows NT 4.0 (x86 and Alpha)


This update also includes fixes for the following previous security issues.

NOTE: You do not need to install these fixes after installing the update mentioned above. For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q231450 Update Available for the 'Malformed Favorites Icon' Issue
Q241362 Update Available for the ImportExportFavorites Issue


MORE INFORMATION

The patch for this issue can be downloaded from:

http://www.microsoft.com/windows/ie/security/servredir.asp

Update Information by Product

Internet Explorer 4.01 SP2 for Windows 95 and Windows NT 4.0


   File name    Size       Date        Version         Platform
   ------------------------------------------------------------
   Shdocvw.dll  2,174,736  11/30/1999  4.72.3711.2900  9x
   Shdocvw.dll  2,174,736  11/30/1999  4.72.3711.2900  NT (x86)
   Shdocvw.dll  3,154,704  11/29/1999  4.72.3711.2900  NT (Alpha)

Though the Windows 95 and Windows NT 4.0 x86 files are the same size, they are different binaries and are not interchangeageble. These files are named Shdo95.dll and Shdont.dll inside the package. When they are extracted, the files are named appopropriately as they are installed on your computer.

Internet Explorer 5.0 for Windows 95, Windows 98, and Windows NT 4.0


   File name    Size       Date        Version         Platform
   ------------------------------------------------------------
   Shdocvw.dll  950,544    11/29/1999  5.0.2723.2900   (x86)
   Shdocvw.dll  1,617,680  11/29/1999  5.0.2723.2900   (Alpha)

Internet Explorer 5.01 for Windows 95, Windows 98, and Windows NT 4.0


   File name    Size       Date        Version         Platform
   ------------------------------------------------------------
   Shdocvw.dll  1,102,608  11/29/1999  5.0.2919.6400   (x86)


NOTE: If you are using Internet Explorer 4.0 or 4.01 Service Pack 1, you must install Internet Explorer 4.01 Service Pack 2 in order to apply this update. You can install Internet Explorer 4.01 Service Pack 2 from the following Microsoft Web site:
http://www.microsoft.com/ie/download
When a Web server performs a server-side redirect, the Internet Explorer security model verifies the server's permissions on the new page. However, under certain timing conditions, it is possible for a Web server to create a reference to a client window that the server is permitted to view. Then the Web server could use a server-side redirect to a client-local file, and bypass the security restrictions. The result is that it may be possible for a malicious Web site operator to view, but not change, create or delete, files on the computer of a visiting user. The Web site operator would need to know (or guess) the name and location of the file.

Additional query words:

Keywords : kbpolicy ntsecurity
Version : WINDOWS:4.01 Service Pack 2,5,5.01; Win98:5.01
Platform : WINDOWS Win98
Issue type : kbbug


Last Reviewed: December 16, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.