Update Available for Cross-Frame Security Issue (168485)


The information in this article applies to:

  • Microsoft Internet Explorer 1.0 for Windows 95
  • Microsoft Internet Explorer 2.0 for Windows 95
  • Microsoft Internet Explorer 3.0 for Windows 95
  • Microsoft Internet Explorer 3.01 for Windows 95
  • Microsoft Internet Explorer 3.02 for Windows 95
  • Microsoft Internet Explorer 4.0 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows 95
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 5.01 for Windows 95
  • Microsoft Internet Explorer 5.5 for Windows 95
  • Microsoft Internet Explorer 3.x for Windows 95
  • Microsoft Internet Explorer 4.x for Windows 95
  • Microsoft Internet Explorer 2.0 for Windows NT 4.0
  • Microsoft Internet Explorer 3.0 for Windows NT 4.0
  • Microsoft Internet Explorer 3.01 for Windows NT 4.0
  • Microsoft Internet Explorer 3.02 for Windows NT 4.0
  • Microsoft Internet Explorer 4.0 for Windows NT 4.0
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.01 for Windows NT 4.0
  • Microsoft Internet Explorer 5.5 for Windows NT 4.0
  • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer 2.0 for Macintosh
  • Microsoft Internet Explorer 2.1 for Macintosh
  • Microsoft Internet Explorer 3.0 for Macintosh
  • Microsoft Internet Explorer 4.0 for Macintosh
  • Microsoft Internet Explorer 4.01 for Macintosh
  • Microsoft Internet Explorer 4.5 for Macintosh
  • Microsoft Internet Explorer 5.0 for Macintosh
  • Microsoft Internet Explorer 3.01a for Macintosh
  • Microsoft Internet Explorer 3.0a for Macintosh
  • Microsoft Internet Explorer 2.0 for Windows 3.1
  • Microsoft Internet Explorer 2.01 for Windows 3.1
  • Microsoft Internet Explorer 2.1 for Windows 3.1
  • Microsoft Internet Explorer 3.0 for Windows 3.1
  • Microsoft Internet Explorer 3.01 for Windows 3.1
  • Microsoft Internet Explorer 3.03 for Windows 3.1
  • Microsoft Internet Explorer 4.0 for Windows 3.1
  • Microsoft Internet Explorer 4.01 for Windows 3.1
  • Microsoft Internet Explorer 4.5 for Windows 3.1
  • Microsoft Internet Explorer 5.0 for Windows 3.1
  • Microsoft Internet Explorer 3.02a for Windows 3.1
  • Microsoft Internet Explorer 1.5 for Windows NT 3.51
  • Microsoft Internet Explorer 2.0 for Windows NT 3.51
  • Microsoft Internet Explorer 3.0 for Windows NT 3.51
  • Microsoft Internet Explorer 3.01 for Windows NT 3.51
  • Microsoft Internet Explorer 3.03 for Windows NT 3.51
  • Microsoft Internet Explorer 4.0 for Windows NT 3.51
  • Microsoft Internet Explorer 4.01 for Windows NT 3.51
  • Microsoft Internet Explorer 4.5 for Windows NT 3.51
  • Microsoft Internet Explorer 5.0 for Windows NT 3.51
  • Microsoft Internet Explorer 3.02a for Windows NT 3.51
This article was previously published under Q168485

SUMMARY

Microsoft has released an update that addresses a potential security issue with the implementation of cross-frame security in Microsoft Internet Explorer. Additional information about this issue is available from the following Microsoft Web sites:

Updates are available for the following products:

  • Microsoft Internet Explorer 4.01 for Windows 95 and Windows NT 4.0 (x86 and Alpha)
  • Microsoft Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51
  • Microsoft Internet Explorer 4.01 for Macintosh
This issue may enable a malicious Web site administrator to read files from a remote computer by circumventing the safeguards that Microsoft has implemented with regard to scripts interacting with other instances of Internet Explorer. Note that Microsoft has not received reports of adverse effects due to this issue.

MORE INFORMATION

Update Information by Product:

NOTE: If you are using Internet Explorer 3.x or 4.0, you must install Internet Explorer 4.01 in order to apply this update. You can install Internet Explorer 4.01 with Service Pack 1 from the following Microsoft Web site:

http://www.microsoft.com/windows/ie/downloads/default.mspx

Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows 95:

Update File Name: ie4jsn.exe
Availability: http://www.microsoft.com/windows/ie/security/default.mspx

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml.dll           2,413,840      9-02-98    4.72.3509.100
Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 x86:

Update File Name: ie4jsn.exe
Availability: http://www.microsoft.com/windows/ie/security/default.mspx

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml.dll           2,413,328      9-02-98    4.72.3509.100
Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 Alpha:

Availability: http://www.microsoft.com/windows/ie/security/default.mspx

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml.dll           3,937,552      9-02-98    4.72.3509.200
Windows 98:

Update File Name: ie4jsn.exe
Availability: Microsoft Windows Update 

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml.dll           2,413,840      9-02-98    4.72.3509.100
Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51:

Update File Name: 2758.exe
Availability: http://www.microsoft.com/windows/ie/security/default.mspx

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml16.dll         3,084,160      9-02-98    4.01.2509.200
   Urlmon16.dll           351,280      9-02-98    4.01.2509.201
Modification Type:MajorLast Reviewed:12/30/2005
Keywords:kbenv kbinfo kbweb KB168485
©2004 Microsoft Corporation. All rights reserved.