After you install security update 867282 that is included with Security Bulletin MS05-014, Internet Explorer crashes when you copy images from Web sites that use the <input type=image> tag (894926)


The information in this article applies to:

  • Microsoft Internet Explorer 5.01 SP4
  • Microsoft Internet Explorer 5.01 SP3
  • Microsoft Internet Explorer 5.5 SP2
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows XP Home Edition SP2
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional 64-Bit Edition (Itanium)
  • Microsoft Windows XP Home Edition SP1
  • Microsoft Windows XP Professional SP1

SYMPTOMS

After you install security update 867282 that is included with Microsoft Security Bulletin MS05-014, Microsoft Internet Explorer crashes when you copy images from Web sites that use the <input type=image> tag.

CAUSE

A change was included in security update 867282 that helps to block a specific, potentially malicious scenario of dragging a Microsoft Excel spreadsheet that looks similar to an image to your desktop. The code that was changed to help block this scenario is used for drag-and-drop operations and for image copy operations. Because of the change, a logic error was introduced that can cause Internet Explorer to crash when you copy images from the <input type=image> tag.

RESOLUTION

To resolve this problem, install security update 890923 (MS05-020). For more information about security update 890923, click the following article number to view the article in the Microsoft Knowledge Base:

890923 MS05-020: Cumulative security update for Internet Explorer

WORKAROUND

Workaround for Web developers


If you have a site that uses the <input type=image> tag, you can do the following things to work around this issue:
  • To display an image, you can use the img element, for example <img src="sample.gif">, instead of using the input element with a type attribute that specifies an image.
  • To submit the coordinates of the image that the user clicked on, you can use the <img> element and an <onclick> handler to capture the coordinates and to submit them through the <input type=submit> control. For example, use the following code.
    <script>
function ClickHandler(e)
{
 document.all.form1.imgx.value = e.offsetX;
 document.all.form1.imgy.value = e.offsetY;
 document.all.form1.submit();
}
</script>
<form action="form.asp" method="post" id=form1 name=form1>
<input type=hidden name="imgobj.x" id=imgx value=0>
<input type=hidden name="imgobj.y" id=imgy value=0>
<img src=someimage.jpg onclick="ClickHandler(event);">
</form>
We are working on a software update to resolve this issue. This update will be included in the next Internet Explorer security update.

Workaround for Web users

To work around this issue, follow these steps:
  1. Right-click the image that uses the <input type=image> tag, and then click Save Picture As to save the image file to the desktop.
  2. Click Start , click Run, type mspaint in the Open box, and then click OK.
  3. In Microsoft Paint, click Open on the File menu.
  4. Click to select the image file that you saved to the desktop, and then click Open.
  5. On the Edit menu, click Select All to select the image.
  6. On the Edit menu, click Copy.
You can now paste the image to other applications.

REFERENCES

For additional information about MS05-014, click the following article number to view the article in the Microsoft Knowledge Base:

867282 MS05-014: Cumulative security update for Internet Explorer

Modification Type:MinorLast Reviewed:7/8/2005
Keywords:kbSecurity kbAppDev kbadmin kbExpertiseAdvanced kbExpertiseInter kbtshoot kberrmsg kbCodeSnippet kbcode kbprb KB894926
©2004 Microsoft Corporation. All rights reserved.