MS02-047: August 22, 2002, Cumulative Patch for Internet Explorer (323759)



The information in this article applies to:

  • Microsoft Internet Explorer version 6 for Windows XP
  • Microsoft Internet Explorer version 6 for Windows 2000
  • Microsoft Internet Explorer version 6 for Windows NT 4.0
  • Microsoft Internet Explorer version 6 for Windows Millennium Edition
  • Microsoft Internet Explorer version 6 for Windows 98 Second Edition
  • Microsoft Internet Explorer version 6 for Windows 98
  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 2
  • Microsoft Internet Explorer 5.5 for Windows Millennium Edition SP 1
  • Microsoft Internet Explorer 5.5 for Windows Millennium Edition SP 2
  • Microsoft Internet Explorer 5.5 for Windows 98 Second Edition SP 1
  • Microsoft Internet Explorer 5.5 for Windows 98 Second Edition SP 2
  • Microsoft Internet Explorer 5.5 for Windows 98 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 98 SP 2
  • Microsoft Internet Explorer 5.5 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 5.5 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 2

This article was previously published under Q323759

SUMMARY

Microsoft has released a cumulative patch for Internet Explorer that includes updates for the issues that are described in the following Microsoft Knowledge Base articles:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

316059 MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer

319182 MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer

This cumulative patch also prevents the following security vulnerabilities:
  • A buffer overrun vulnerability that affects the Gopher protocol handler. This vulnerability was originally described in the following Microsoft Security Bulletin: This bulletin includes workaround instructions for use while this cumulative patch was being completed.
  • A buffer overrun vulnerability that affects an ActiveX control that is used to display specially formatted text. The control contains a buffer overrun vulnerability that can make it possible for an attacker to run code on a user's computer in the context of the user.
  • A vulnerability that involves how Internet Explorer handles an HTML directive that displays XML data. The directive is designed to only allow XML data from the Web site itself to be displayed. However, it does not correctly look for the case where a referenced XML data source is in fact redirected to a data source in a different domain. This flaw may make it possible for an attacker's Web page to open an XML-based file that resides on a remote computer in a browser window that the site can read. An attacker can then read contents from Web sites to which users had access but the attacker cannot view.
  • A vulnerability that involves how Internet Explorer represents the origin of a file in the File Download dialog box. This flaw can make it possible for an attacker to misrepresent the source of a file that is offered for download in an attempt to trick users into accepting a file download from an untrusted source and believing it to be coming from a trusted source.
  • A newly discovered variant of the "Frame Domain Verification" vulnerability that is described in the following Microsoft Security Bulletin: This variant occurs because of improper domain checking when frames are invoked in conjunction with the Object tag. Because of this behavior, this vulnerability can make it possible for a malicious Web site operator to open two browser windows, one in the Web site's domain and the other on the user's local file. They can then pass system information from the latter to the former. This makes it possible for the Web site operator to read, but not change, any file on the user's local computer that can be opened in a browser window. Additionally, this particular variant can also make it possible for an attacker to start, but not pass parameters to, an executable file (.exe) on the local computer. This is much like the "Local Executable Invocation via Object tag" vulnerability that is described in the following Microsoft Security Bulletin:
  • A newly reported variant of the "Cross-Site Scripting in Local HTML Resource" vulnerability that was originally described in the following Microsoft Security Bulletin: Like the original variant, this vulnerability makes it possible for an attacker to create a Web page that, when opened, would run in the Local Computer zone. This means that it can run with fewer restrictions than it would in the Internet zone.
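
The XML data source item in the list above comes down to where the same-domain check is applied: to the URL written in the page, or to the URL that finally serves the data. The following is an added example, not Microsoft's code; it models the two checks side by side, and the host names, redirect table and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed redirect table standing in for HTTP redirect responses
# (hypothetical hosts, not taken from the article).
REDIRECTS = {
    "http://site.example/data.xml": "http://intranet.example/private.xml",
    "http://site.example/moved.xml": "http://site.example/current.xml",
}

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)

def resolve(url, max_hops=5):
    """Follow the constructed redirect table and return every URL visited."""
    chain = [url]
    while chain[-1] in REDIRECTS:
        if len(chain) > max_hops:
            raise ValueError("too many redirects")
        chain.append(REDIRECTS[chain[-1]])
    return chain

def allowed_flawed(page_url, source_url):
    """Flawed pattern: only the URL referenced by the page is compared."""
    return origin(page_url) == origin(source_url)

def allowed_fixed(page_url, source_url):
    """Corrected pattern: every hop, including the final one, must match."""
    page = origin(page_url)
    return all(origin(hop) == page for hop in resolve(source_url))

if __name__ == "__main__":
    page = "http://site.example/index.html"
    for src in ("http://site.example/data.xml", "http://site.example/moved.xml"):
        print(src, allowed_flawed(page, src), allowed_fixed(page, src))
```
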
In addition, the patch that is described in this article sets the "Kill Bit" on the MSN Chat ActiveX control that is described in Microsoft Security Bulletin MS02-022 as well as the TSAC ActiveX control that is described in Microsoft Security Bulletin MS02-046. This has been done to make sure that vulnerable controls cannot be introduced onto users' systems. Microsoft recommends that customers who use the MSN Chat control make sure that they have applied the updated version of the control discussed in MS02-022: Microsoft recommends that customers who use the TSAC control make sure that they have applied the updated version of the control discussed in MS02-046: For additional information about using the "kill bit" to stop an ActiveX control from running in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

240797 How to Stop an ActiveX Control from Running in Internet Explorer

For additional information about known issues that can occur when you install this update, click the article number below to view the article in the Microsoft Knowledge Base:

325192 Issues After You Install Updates to Internet Explorer or Windows

For additional information about the latest service pack for Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

MORE INFORMATION

For more information about this patch, visit the following Microsoft Web site:

Download Information

The following file is available for download from the Microsoft Download Center:
Release Date: August 22, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The Internet Explorer 5.01 version of this update is for Windows 2000 only and is also available in Windows 2000 Service Pack 3 (SP3). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Installation Information

The Internet Explorer 5.5 version of this update requires Internet Explorer 5.5 Service Pack 2 (SP2) or Service Pack 1 (SP1). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

276369 How to Obtain the Latest Service Pack for Internet Explorer 5.5

The Internet Explorer 5.01 version of this update is for Windows 2000 only and requires Windows 2000 Service Pack 2 (SP2). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

You must restart your computer after you apply this update. This package supports the following switches:
  • /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
  • /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
  • /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
  • /t:<path> Specifies the target folder for extracting files.
  • /c Extracts the files without installing them.
  • /c:<path> Specifies the path and name of the Setup .inf or .exe file.
  • /r:n Never restarts the computer after installation.
  • /r:i Restart if a restart is required - Automatically restarts the computer if it is required to complete installation.
  • /r:a Always restarts the computer after installation.
  • /r:s Restarts the computer after installation without prompting the user.
  • /n:v No version checking - Install the program over any previous version.
For example, the command file name /q:a /r:n (where file name is the name of the update package) installs the update without any user intervention and does not force the computer to restart.

WARNING: Your computer is vulnerable until you restart it and log on as an administrator to complete the installation.

NOTE: You cannot successfully install this update on Windows XP-based computers in non-interactive mode (for example, by using Windows Task Scheduler, Microsoft Systems Management Server, or Tivoli software from IBM). Microsoft is researching this problem and will post more information in this article when the information becomes available.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed to the %WINDIR%\System32 folder:
   Date         Time   Version         Size       File name    Internet 
                                                               Explorer
                                                               Version
   ----------------------------------------------------------------------
   23-Jul-2002  15:49  6.0.2719.2200   2,759,680  Mshtml.dll   6
   05-Mar-2002  03:09  6.0.2715.400      548,864  Shdoclc.dll  6
   23-Jul-2002  15:51  6.0.2719.2200   1,336,320  Shdocvw.dll  6
   23-Jul-2002  15:57  6.0.2715.400      109,568  Url.dll      6    
   23-Jul-2002  15:51  6.0.2719.2200     480,768  Urlmon.dll   6
   06-Jun-2000  23:43  4.71.704.0          2,272  W95inf16.dll 6
   06-Jun-2000  23:43  4.71.16.0           4,608  W95inf32.dll 6
   06-Jun-2002  20:38  6.0.2718.400      583,168  Wininet.dll  6

   06-Jun-2000  20:43  5.50.4134.600      92,432  Advpack.dll  5.5 SP2
   22-Jul-2002  20:59  5.50.4919.2200  2,755,856  Mshtml.dll   5.5 SP2
   22-Jul-2002  21:00  5.50.4919.2200  1,149,200  Shdocvw.dll  5.5 SP2
   05-Mar-2002  01:53  5.50.4915.500      84,240  Url.dll      5.5 SP2
   22-Jul-2002  21:01  5.50.4919.2200    451,344  Urlmon.dll   5.5 SP2
   06-Jun-2000  20:43  4.71.704.0          2,272  W95inf16.dll 5.5 SP2
   06-Jun-2000  20:43  4.71.16.0           4,608  W95inf32.dll 5.5 SP2
   06-Jun-2002  21:27  5.50.4918.600     481,552  Wininet.dll  5.5 SP2

   18-Dec-2001  15:48  5.50.4724.1700     79,120  Actxprxy.dll 5.5 SP1
   06-Jun-2000  20:43  5.50.4134.600      92,432  Advpack.dll  5.5 SP1
   18-Dec-2001  01:45  5.50.4724.1700     46,864  Digest.dll   5.5 SP1
   22-Jul-2002  19:41  5.50.4731.2200  2,754,320  Mshtml.dll   5.5 SP1
   18-Dec-2001  01:42  5.50.4724.1700    408,336  Mshtmled.dll 5.5 SP1
   18-Dec-2001  01:43  5.50.4724.1700     71,952  Plugin.ocx   5.5 SP1
   18-Dec-2001  15:48  5.50.4724.1700    494,352  Shdoc401.dll 5.5 SP1
   24-Jul-2002  15:30  5.50.4731.2200  1,148,688  Shdocvw.dll  5.5 SP1
   18-Dec-2001  14:52  5.50.4724.1700     23,312  Shfolder.dll 5.5 SP1
   05-Mar-2002  01:53  5.50.4915.500      84,240  Url.dll      5.5 SP1
   22-Jul-2002  19:43  5.50.4731.2200    450,832  Urlmon.dll   5.5 SP1
   06-Jun-2000  20:43  4.71.704.0          2,272  W95inf16.dll 5.5 SP1
   06-Jun-2000  20:43  4.71.16.0           4,608  W95inf32.dll 5.5 SP1
   11-Jun-2002  19:33  5.50.4730.700     482,064  Wininet.dll  5.5 SP1

   06-Jun-2000  20:43  5.50.4134.600      92,432  Advpack.dll  5.01 SP2
   09-Sep-2001  22:31                     11,264  Instcat.exe  5.01 SP2
   23-Jul-2002  14:53  5.0.3504.2500   2,355,472  Mshtml.dll   5.01 SP2
   23-Jul-2002  14:54  5.0.3504.2500   1,106,192  Shdocvw.dll  5.01 SP2
   05-Mar-2002  01:53  5.50.4915.500      84,240  Url.dll      5.01 SP2
   23-Jul-2002  14:55  5.0.3504.2500     451,344  Urlmon.dll   5.01 SP2
   06-Jun-2000  20:43  4.71.704.0          2,272  W95inf16.dll 5.01 SP2
   06-Jun-2000  20:43  4.71.16.0           4,608  W95inf32.dll 5.01 SP2
   07-Jun-2002  23:56  5.0.3506.1000     461,584  Wininet.dll  5.01 SP2
				
NOTE: Due to file dependencies, this update may contain additional files.
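
Because the table lists minimum versions ("or later"), a patch check has to compare the four version fields as numbers, not as text. The following is an added example, not part of the original article: the minimums are copied from the Internet Explorer 6 rows above, while the inventory values, the `audit` function and its status names are constructed for illustration.

```python
# Minimum versions copied from the Internet Explorer 6 rows of the table above.
IE6_MINIMUMS = {
    "Mshtml.dll": "6.0.2719.2200",
    "Shdoclc.dll": "6.0.2715.400",
    "Shdocvw.dll": "6.0.2719.2200",
    "Url.dll": "6.0.2715.400",
    "Urlmon.dll": "6.0.2719.2200",
    "Wininet.dll": "6.0.2718.400",
}

# Constructed inventory of one host (not real data); Wininet.dll is absent.
SAMPLE_INVENTORY = {
    "MSHTML.DLL": "6.0.2719.400",    # numerically older than 6.0.2719.2200
    "shdoclc.dll": "6.0.2715.400",   # exactly the listed version
    "Shdocvw.dll": "6.0.2720.100",   # later than the listed version
    "Url.dll": "",                   # version resource could not be read
    "Urlmon.dll": "6.0.2719.2200",
}

def parse_version(text):
    """Turn '6.0.2719.2200' into (6, 0, 2719, 2200) so fields compare as numbers."""
    fields = [int(f) for f in text.strip().split(".")]
    if not 1 <= len(fields) <= 4:
        raise ValueError("unexpected version format: %r" % text)
    return tuple(fields + [0] * (4 - len(fields)))

def audit(inventory, minimums=IE6_MINIMUMS):
    """Return {file name: 'ok' | 'outdated' | 'missing' | 'unreadable'}."""
    # Windows file names are case-insensitive, so match on lowercase.
    found = {name.lower(): ver for name, ver in inventory.items()}
    report = {}
    for name, minimum in minimums.items():
        if name.lower() not in found:
            report[name] = "missing"
            continue
        try:
            installed = parse_version(found[name.lower()])
        except ValueError:
            report[name] = "unreadable"
            continue
        ok = installed >= parse_version(minimum)
        report[name] = "ok" if ok else "outdated"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

A plain string comparison would rate the sample Mshtml.dll as current, because "400" sorts after "2200" as text.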

Modification Type: Minor
Last Reviewed: 9/27/2005
Keywords:kbHotfixServer kbQFE kbQFE kbWin2kSP4fix kbbug kbfix kbIE501preSP3Fix kbIE550PreSP3fix kbIE600preSP1fix KbSECBulletin kbSecurity KbSECVulnerability kbIE600sp1fix KB323759