MS02-023: Patch Available for Variants of the Content Disposition Vulnerability (322927)


The information in this article applies to:

  • Microsoft Internet Explorer 5.5 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 5.5 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 5.01 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 5.5 for Windows Millennium Edition SP 1
  • Microsoft Internet Explorer 5.5 for Windows Millennium Edition SP 2
  • Microsoft Internet Explorer 5.5 for Windows 98 Second Edition SP 1
  • Microsoft Internet Explorer 5.5 for Windows 98 Second Edition SP 2
  • Microsoft Internet Explorer 5.5 for Windows 98 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 98 SP 2
  • Microsoft Internet Explorer 5.5 for Windows 95 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 95 SP 2
  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 2
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 2
  • Microsoft Internet Explorer version 6 for Windows 2000
  • Microsoft Internet Explorer version 6 for Windows 98
  • Microsoft Internet Explorer version 6 for Windows 98 Second Edition
  • Microsoft Internet Explorer version 6 for Windows NT 4.0
  • Microsoft Internet Explorer version 6 for Windows XP
  • Microsoft Internet Explorer version 6 for Windows Millennium Edition
This article was previously published under Q322927

SYMPTOMS

These vulnerabilities have basically the same scope as the previous variants, although they are two separate flaws. This vulnerability can permit an attacker to run code on the user's computer. That code can then take any action on the computer that the user can take. For additional information about the previous vulnerability, click the article number below to view the article in the Microsoft Knowledge Base:

313675 MS01-058: File Vulnerability Patch for Internet Explorer 5.5 and Internet Explorer 6

RESOLUTION

Internet Explorer 6

To resolve this problem, obtain the latest service pack for Internet Explorer 6. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

The update for this problem is included in the "May 15, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 2

The update for this problem is included in the "May 15, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 1

The update for this problem is included in the "May 15, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.01 Service Pack 2 (on Microsoft Windows 2000 and Microsoft Windows NT 4.0 only)

This update is only for customers running Internet Explorer 5.01 Service Pack 2 on Windows 2000 Service Pack 2 or Windows NT 4.0 Service Pack 6a. If you are running Internet Explorer 5.01 on any other version of Windows, upgrade to Internet Explorer 5.5 Service Pack 2 or later, and then apply this update.

The update for this problem is included in the "May 15, 2002, Cumulative Patch for Internet Explorer." For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer


STATUS

Internet Explorer 6

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 6. This problem was first corrected in Internet Explorer 6 Service Pack 1.

Internet Explorer 5.5

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 5.5.

Internet Explorer 5.01

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 5.01.

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-023.mspx

Modification Type:MinorLast Reviewed:11/17/2005
Keywords:kbbug kbfix kbIE501preSP3Fix kbIE550PreSP3fix kbIE600preSP1fix KbSECBulletin KbSECHack kbSecurity KbSECVulnerability kbIE600sp1fix KB322927
©2004 Microsoft Corporation. All rights reserved.