Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01 (244356)
The information in this article applies to:
- Microsoft Internet Explorer 4.01 for Windows 98 SP 2
- Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 2
- Microsoft Internet Explorer 4.01 for Windows 95 SP 2
This article was previously published under Q244356 SYMPTOMS
Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.
Additional information about this issue is available from the following Microsoft Web sites:
Updates are available for the following products:
- Microsoft Internet Explorer 4.01 SP2 for Windows 95
- Microsoft Internet Explorer 4.01 SP2 for Windows NT 4.0 (Alpha and x86)
- Microsoft Windows 98
RESOLUTION
To obtain this update, download and install the appropriate Q244356.exe file for your computer from Microsoft site link below. This link navigates you to the 4.01 fix (Q244356) after you select the proper platform from the drop down dialog.
The English-language version of this fix should have the following file attributes or later: Internet Explorer 4.01 Service Pack 2
File name Size Date Version
----------------------------------------------------------------
Urlm95.dll 449,808 (x86) 10-25-99 4.72.3710.2500
Urlmnt.dll 490,256 (x86) 10-25-99 4.72.3710.2500
Urlmon.dll 830,736 (alpha) 10-25-99 4.72.3710.2500
Note that the Urlm95.dll and Urlmnt.dll files are renamed to Urlmon.dll when they are installed to their respective Windows 95 or Windows NT platform.
| Modification Type: | Minor | Last Reviewed: | 2/18/2004 |
|---|
| Keywords: | kbprb KB244356 |
|---|
|