Update Available for the "Malformed Favorites Icon" Issue (231450)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows 98 Second Edition
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 5.0 for Windows 95
This article was previously published under Q231450

SUMMARY

NOTE: The update described in this article is included in the more recent update that is described in the following Microsoft Knowledge Base article:

246094 Update Available for Server-side Page Reference Redirect Vulnerability

The update that is described in this article is not required if the update that is described in article 246094 is installed on your computer.

Microsoft has released an update to Internet Explorer 5.0 that addresses a potential security issue with icons from a Web site that are added to your list of Favorites. Internet Explorer 5 includes a feature that permits a Web site administrator to customize the icon used when you add a Web site to your list of favorites. The icon from the Web site could be modified by a malicious Web site administrator in such a way that it would run executable programs on your client computer. For more information about this issue, visit the following Microsoft Web site:

http://www.microsoft.com/TechNet/security/bulletin/ms99-018.asp

Updates are available for the following products:
  • Microsoft Internet Explorer 5 for Windows 95
  • Microsoft Internet Explorer 5 for Windows 98
NOTE: Microsoft Internet Explorer 4.x and earlier versions are not affected by this issue, and this includes any version of Internet Explorer on the following platforms:
  • Microsoft Windows NT
  • Microsoft Windows 3.x
  • Macintosh
  • UNIX on Sun Solaris

MORE INFORMATION

This problem in resolved in Internet Explorer 5.01 and later. Microsoft recommends that you upgrade to the latest version of Internet Explorer to resolve this problem. For additional information about how to determine the version of Internet Explorer that is installed on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

For additional information about how to obtain the latest version of Internet Explorer 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.5 Service Pack

For additional information about how to obtain the latest version of Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

On December 8, 1999, Microsoft released a patch that resolves this vulnerability and several other vulnerabilities in Internet Explorer 5.0. For additional information about this patch, click the following article number to view the article in the Microsoft Knowledge Base:

246094 Update Available for "Server-Side Page Reference Redirect" Vulnerability

For additional information about the other vulnerabilities that are resolved by this patch, click the following article numbers to view the articles in the Microsoft Knowledge Base:

241361 Update Available for Vulnerabilities in ActiveX Controls Issue

231450 Update Available for the "Malformed Favorites Icon" Issue

231452 Update Available for "Legacy ActiveX Control" Issue

The English version of this fix has the following file attributes or later: 
   Updated file name   Size (bytes)   Date      Version 
   ----------------------------------------------------------
   Shdocvw.dll         94,6448        5/21/99   5.0.2717.2000
Modification Type:MajorLast Reviewed:10/13/2003
Keywords:kbenv kbprb KB231450
©2003 Microsoft Corporation. All rights reserved.