| |
 |
|
| Update for "Image Source Redirect" Vulnerability, February 2000 |
| Installing this security update will eliminate the 'Image Source Redirect' vulnerability found in Internet Explorer. Without this update, a malicious Web site operator could read (but not add, change, or delete) certain types of files on your computer. |
|
| |
|
|
|
| |
|
|
| Internet Explorer Schannel.dll Update, December 1999 |
| The version of Internet Explorer 5.01 that is released on the Web contains an incorrect internal key in the Schannel.dll file. This may cause programs and services on your computer that use Secure Socket Layer (SSL) or Security Support Provider Interface (SSPI) to no longer function. Installing this update will eliminate this problem by providing you with a corrected Schannel.dll file. NOTE: If you have installed high (128-bit) encryption on your computer, you do not need to install this update. |
|
| |
|
|
|
| |
|
|
|
| |
|
|
| Update for "Active Setup Control" Vulnerability, November 1999 |
| Installing this update will eliminate the "Active Setup Control" vulnerability. With this update, you can prevent an outside user from using a particular ActiveX control to automatically run a malicious email attachment saved on your computer. Mail reader applications affected by this vulnerability include Outlook and Outlook Express. |
|
| |
|
|
| Update for "IFRAME ExecCommand" Vulnerability (also eliminates "Download Behavior" Vulnerability), October 1999 |
| This update eliminates the "IFRAME ExecCommand" and "Download Behavior" security vulnerabilities in Internet Explorer. With this update, you can prevent a malicious web site operator from reading files on your computer and/or local intranet without your permission. NOTE: Additional vulnerabilities have been discovered since the original release of this security update on October 20. Please download this latest version of the security update, released November 3, 1999. |
|
| |
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
|
| "Favorites" security update, May 27, 1999 |
| This fix eliminates two security vulnerabilities in Internet Explorer. The first could allow arbitrary code to be run on your computer. The second could allow the local hard drive to be read. |
|
| |
|
|
| "MSHTML" update, April 21, 1999 |
| This fix corrects three vulnerabilities in Internet Explorer's MSHTML.DLL file, and also fixes the "Frame Spoof," "Untrusted Scripted Paste," and "Cross Frame Navigate" vulnerabilities. |
|
| |
|
|
| "DHTML Edit Control" Update, April 21, 1999 |
| This fix eliminates a vulnerability in an ActiveX control that could allow a malicious web site operator to read information that a user had loaded into the control, and to copy files with known names from the user's local hard drive. |
|
| |
|
|
| "Frame Spoof" fix, December 23, 1998 |
| This fix corrects a vulnerability in Internet Explorer that could allow a web site operator to create a false window that imitates a window on a legitimate web site. The threat posed by this vulnerability is that the false window could collect information from you and send it back to the original site. |
|
| |
|
|
| Updated "Untrusted Scripted Paste" patch, November 18, 1998 |
| Microsoft has updated the "Untrusted Scripted Paste" patch for Internet Explorer, to fix both the original security vulnerability and a recently discovered variant of this problem. Microsoft highly recommends that all affected customers -- including anyone who downloaded the original patch before November 18 -- now download the updated patch to protect their computers. |
|
| |
|
|
|
| |
|
|
| "Cross Frame Navigate" patch, September 4, 1998 |
| This issue involves a vulnerability in Internet Explorer 3 and 4 that could allow a clever hacker to circumvent Internet Explorer's security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of files on your computer. |
|
| |
|
|
| "Window.External" JScript patch, August 18, 1998 |
| This security update resolves an issue that can cause Internet Explorer to close unexpectedly when browsing a web page that contains malicious JScript script. Downloading this update will prevent possible unauthorized access to your computer. |
|
| |
|
|
| Outlook Express File Attachment patch, August 11, 1998 |
| This security update resolves an issue that can cause Outlook Express to close unexpectedly when you open a message that contains an attachment with an extremely long name. Downloading this update will prevent possible unauthorized access to your computer. This patch has been updated since the initial fix was made available on July 27, 1998. |
|
| |
|
|
| NetMeeting Speed Dial issue, April 21, 1998 |
| This issue makes it possible for a malicious Website author to link to a specially edited NetMeeting speed dial object and cause NetMeeting to crash. Once NetMeeting has crashed, a skilled hacker could run arbitrary code in the computer's memory. |
|
| |
|
|
| Embed issue, March 31, 1998 |
| This issue could allow a malicious Web page to cause Internet Explorer 4.0 to crash through an exploit with the EMBED tag. It's difficult, but possible, for the page to then run code in memory on that machine. |
|
| |
|
|
|
| |
|
|
| MK Overrun issue, January 16, 1998 |
| This issue can cause Internet Explorer 4.0 to crash when a malicious Web site contains a certain kind of URL (that begins with mk://) with more characters than the browser supports. The extra characters could form a malicious executable that could then run on your computer. |
|
| |
|
|
|
| |
|
|
| Page Redirect issue, November 20, 1997 |
| This issue involves Web sites that require basic user authentication information (name and password). If the Web site redirects you to another, malicious Web site, your authentication information could potentially be captured by the second Web site. |
|
| |
|
|
| Buffer Overrun issue, November 14, 1997 |
| This issue can cause Internet Explorer 4.0 to crash when a malicious Web site contains a certain kind of URL (that begins with res://) with more characters than the browser supports. The extra characters could form a malicious executable that could then run on your computer. |
|
| |
|
|
| "Freiburg" text-viewing fix, November 11, 1997 |
| The issue could allow a malicious person to create a Web page that is intentionally designed to exploit this problem to view the contents of a text file, HTML file, or graphic image from a user's hard disk. |
|
| |
|
|
|
| |
|
|
| Password security issue, August 26, 1997 |
| This issue makes it possible for a specially designed program to force Microsoft Internet Explorer 3.02 for Windows 95 to send a user's logon name and password across the network in a clear-text format, instead of in the normal encrypted (scrambled for protection) format. It may then be possible to intercept and read that password using such a program. |
|
| |
|
|
| Java redirect security problem, August 19, 1997 |
| This issue affects the Java Virtual Machine and not the browser. When a user visits a malicious Web site, the site could download an image from another Web site -- such as an intranet that the user has permission to access -- without the user's permission. |
|
| |
|
|
| PowerPoint security update users, August 6, 1997 |
| This issue involves the potential misuse of a PowerPoint 95/97 feature that allows an application to be run from within PowerPoint without warning the user. The problem can occur in browsers such as Internet Explorer that support the viewing of PowerPoint files from within the browser. |
|
| |
|
|
|
| |
|
|
|
| |
|
|
|
