Downloaded Programs Can Run on Internet Explorer 5.1 for Macintosh for OS X (311052)



The information in this article applies to:

  • Microsoft Internet Explorer version 5.1 for Macintosh

This article was previously published under Q311052

SYMPTOMS

A vulnerability in Internet Explorer 5.1 for Macintosh could allow a program to run unexpectedly. If an attacker were to convince you to download a malicious program that is compressed as a BinHex or MacBinary file type, the program could run after the download process finished.

For such an attack to succeed, you would have to initiate the download process. This vulnerability cannot be used to automatically download and run malicious code on your computer.

CAUSE

This vulnerability results because of an issue in how Internet Explorer and Macintosh OS X interoperate when they handle downloaded MacBinary and BinHex files.

RESOLUTION

To resolve this problem, use the Software Update feature in Macintosh OS X version 10.1 to install the Internet Explorer 5.1 Security Update. Additional information about the Software Update feature is available at the following Apple Computer Web site: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Internet Explorer 5.1 for Macintosh.

MORE INFORMATION

For additional information about this vulnerability, visit the following Microsoft Web site:

Modification Type:MajorLast Reviewed:6/21/2004
Keywords:kbbug kbfix KbSECHack kbSecurity KbSECVulnerability KB311052