Web Proxy Auto-Discovery "Spoofing" May Change Proxy Settings

ID: Q247333


The information in this article applies to:
  • Microsoft Internet Explorer version 5 for UNIX on HPUX
  • Microsoft Internet Explorer version 5 for UNIX on Sun Solaris
  • Microsoft Internet Explorer version 5 for Windows 3.1
  • Microsoft Internet Explorer version 5 for Windows 95
  • Microsoft Internet Explorer version 5 for Windows 98
  • Microsoft Internet Explorer version 5 for Windows NT 3.51
  • Microsoft Internet Explorer version 5 for Windows NT 4.0


SYMPTOMS

The Internet Explorer version 5 Web Proxy Auto-Discovery (WPAD) feature enables Web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD adds the subdomain "wpad" to the beginning of the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the domain name or reaches the third-level domain. For example, Web clients in the a.b.microsoft.com domain would query wpad.a.b.microsoft.com, wpad.b.microsoft.com, and then wpad.microsoft.com. A vulnerability exists if the third-level domain is not a trusted domain. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice.
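
The search order described above, as an added example that is not part of the original article or Microsoft's code: it models the Internet Explorer 5 behavior and flags the candidate names that fall outside the DNS zones an administrator trusts. The function names, the trusted-suffix list and the hq.acme.isp.test domain are constructed for illustration.

```python
def wpad_candidates(dns_domain, stop_labels=3):
    """Return the hostnames the IE 5 search tries, in query order.

    "wpad" is prefixed to the client's DNS domain, then the leftmost
    subdomain is dropped each round until the candidate is a
    third-level name (three labels), which is the last one tried.
    """
    labels = [p for p in dns_domain.lower().strip(".").split(".") if p]
    names = []
    while len(labels) + 1 >= stop_labels:
        names.append(".".join(["wpad"] + labels))
        labels = labels[1:]
    return names


def is_under(name, suffix):
    """True if name equals suffix or is a subdomain of it."""
    suffix = suffix.lower().strip(".")
    return name == suffix or name.endswith("." + suffix)


def audit(dns_domain, trusted_suffixes):
    """Pair each candidate with True when it lies in a trusted zone."""
    return [(name, any(is_under(name, s) for s in trusted_suffixes))
            for name in wpad_candidates(dns_domain)]


def untrusted(dns_domain, trusted_suffixes):
    """Candidates a client would query that nobody trusted controls."""
    return [name for name, ok in audit(dns_domain, trusted_suffixes) if not ok]


if __name__ == "__main__":
    # Case 1: the article's own example; the whole chain stays in one zone.
    # Case 2 (constructed): the organization owns only acme.isp.test, and
    # isp.test stands in for a parent zone shared with other parties.
    cases = [("a.b.microsoft.com", ["microsoft.com"]),
             ("hq.acme.isp.test", ["acme.isp.test"])]
    for domain, trusted in cases:
        print(domain)
        for name, ok in audit(domain, trusted):
            print("   ", name, "trusted" if ok else "OUTSIDE TRUSTED ZONE")
```

Any name reported as outside the trusted zones is one whose owner could answer the lookup, so it should either be registered by the organization or never be reached by clients.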


CAUSE

WPAD is a feature introduced in Internet Explorer 5 that allows Web clients to find and load proxy configuration information from a server. The algorithm that determines the order in which domains are searched for this information may not handle some cases correctly.


RESOLUTION

To resolve this issue, upgrade Internet Explorer 5 to Internet Explorer version 5.01. You can obtain Internet Explorer 5.01 from the following Microsoft Web site:

http://www.microsoft.com/windows/ie/


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

For related information about this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/security/bulletins/MS99-054.asp

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/

Keywords : kbenv msiew95 msient msiew31 msieunix msiew98
Version : UNIX:5; WINDOWS:5
Platform : UNIX WINDOWS
Issue type : kbprb


Last Reviewed: December 2, 1999
© 2000 Microsoft Corporation. All rights reserved.