Internet Explorer: Update for "Server-Side Page Reference Redirect" Vulnerability

		All Products \| Support \| Search \| microsoft.com Home

Windows Home Pages \| Download \| Support \|

Internet Explorer Home

Features

Web Accessories

Reviews

System Requirements

Business

Developers

Internet Service Providers

International Sites

Update for "Server-Side Page Reference Redirect" Vulnerability (also eliminates "ImportExportFavorites" Vulnerability)
December 1999

Microsoft has released a patch to eliminate a security vulnerability in Internet Explorer. The vulnerability could allow a malicious Web site operator to view a file on the computer of a visiting user, provided that the Web site operator knew the name and location of the file. This also includes the previously-released update for the "ImportExportFavorites" vulnerability. If you have not yet installed the update for the "ImportExportFavorites" vulnerability, you only need to install this new update to eliminate both vulnerabilities.

Information on All Available Fixes
See the full list of affected browsers and fixes.

About the "Server-Side Page Reference Redirect" and "ImportExportFavorites" Vulnerabilities
A security vulnerability has been discovered in Microsoft Internet Explorer 4.01, 5 and 5.01, that could allow a malicious Web site operator to view a file on the computer of a visiting user, provided that the Web site operator knew the name and location of the file. The malicious Web site operator can view, but not change, create or delete, files on the computer of a visiting user.

This update also includes the previously-released update for the "ImportExportFavorites" vulnerability, that could allow a Web site operator to write malicious files to a visiting user's computer. If you have not yet installed the update for the �ImportExportFavorites� vulnerability, you only need to install this new update to eliminate both vulnerabilities.

For more technical details on the "Server-Side Page Reference Redirect" issue, see Microsoft Security Bulletin MS99-050.

For more technical details on the "ImportExportFavorites" issue, see Microsoft Security Bulletin MS99-037.

Whose Computer Is at Risk?
Here is a list of operating systems and fixes for the English language versions only. (International language versions also may be available.)

Windows 98

Internet Explorer 5.01 and Internet Tools Click here to download the fix

Internet Explorer 5 and Internet Tools Click here to download the fix

Internet Explorer 4.01 Service Pack 2 Click here to download the fix

Internet Explorer 4.01 Service Pack 1 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.01 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Windows 95

Internet Explorer 5.01 and Internet Tools Click here to download the fix

Internet Explorer 5 and Internet Tools Click here to download the fix

Internet Explorer 4.01 Service Pack 2 Click here to download the fix

Internet Explorer 4.01 Service Pack 1 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.01 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.0 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Windows NT 4.0 (x86)

Internet Explorer 5.01 and Internet Tools Click here to download the fix

Internet Explorer 5 and Internet Tools Click here to download the fix

Internet Explorer 4.01 Service Pack 2 Click here to download the fix

Internet Explorer 4.01 Service Pack 1 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.01 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.0 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Windows NT 4.0 (DEC Alpha)

Internet Explorer 5 and Internet Tools Click here to download the fix

Internet Explorer 4.01 Service Pack 2 Click here to download the fix

Internet Explorer 4.01 Service Pack 1 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.01 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Internet Explorer 4.0 You need to upgrade to Internet Explorer 4.01 Service Pack 2 or higher by clicking here. Then, return to this site and click here to download the fix.

Windows 3.1 and Windows NT 3.51

Internet Explorer (all versions) Not vulnerable

Macintosh

Internet Explorer (all versions) Not vulnerable

Unix (Solaris)

Internet Explorer (all versions) Not vulnerable

Unix (HP-UX)

Internet Explorer (all versions) Not vulnerable

Last updated: Tuesday, May 30, 2000

top of page