Update for "Javascript Redirect" Vulnerability in Internet Explorer 5 (244357)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 5.0 for Windows 95
This article was previously published under Q244357

SYMPTOMS

Microsoft has made an update available that addresses a potential security issue in which an HTTP redirect to a javascript:url can be used to compromise security. This issue could allow a malicious Web site operator to read files on the local computer, although the intruder would have to know the name and location of the file. The vulnerability does not allow the malicious user to list the contents of folders, create, modify or delete files.

Additional information about this issue is available from the following Microsoft Web sites: Updates are available for the following products:
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 5.0 for Windows NT 4.0 (Alpha and x86)
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition

RESOLUTION

To obtain this update, download and install the appropriate Q244357.exe file for your computer from the Microsoft site listed below. To navigate to Q244357.exe file, click the link below, and then click Next twice: The English-language version of this fix should have the following file attributes or later:
   File name           Size                Date      Version
   ----------------------------------------------------------------
   Urlmon.dll          442,640 (x86)       10-25-99   5.0.2722.2500
   Urlmon.dll          719,120 (alpha)     10-25-99   5.0.2722.2500


Note that if you try to install this update on any version of Internet Explorer other than Internet Explorer 5, you receive a message that says "This update does not need to be installed on this system" when in fact the computer may be vulnerable. For additional information about Internet Explorer 4.01, click the article number below to view the article in the Microsoft Knowledge Base:

244356 Update for "Javascript Redirect" Vulnerability in Internet Explorer 4.01

STATUS

This issue is fixed in Internet Explorer 5.01.
Modification Type:MinorLast Reviewed:2/18/2004
Keywords:kbprb KB244357
©2004 Microsoft Corporation. All rights reserved.