Desktop Central helps administrators to automate patch deployment of both Microsoft and Non-Microsoft Applications from a central point. |
|
| Internet Explorer 5.5 Patch Details |  Internet Explorer 5.5 Patches |
| Patch Name : |
Q323759.exe |
| Patch Description : |
Cumulative security update for Internet Explorer (KB323759) |
| Bulletin Id : |
MS02-047 |
| Bulletin Title : |
Cumulative Patch for Internet Explorer (Q323759) |
| KnowledgeBase : | 323759 |
| Severity : |
Critical |
| Location Path : | Q323759.exe |
| Bulletin Summary: |
This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates the following six newly discovered vulnerabilities:
-
A buffer overrun vulnerability affecting the Gopher protocol handler. This vulnerability was originally discussed in Microsoft Security Bulletin MS02-027, which provided workaround instructions while the patch provided here was being completed.
-
A buffer overrun vulnerability affecting an ActiveX control used to display specially formatted text. The control contains a buffer overrun vulnerability that could enable an attacker to run code on a user's system in the context of the user.
-
A vulnerability involving how Internet Explorer handles an HTML directive that displays XML data. By design, the directive should only allow XML data from the web site itself to be displayed. However, it does not correctly check for the case where a referenced XML data source is in fact redirected to a data source in a different domain. This flaw could enable an attacker's web page to open an XML-based files residing a remote system within a browser window that the site could read, thereby enabling the attacker to read contents from websites that users had access to but the attacker was not able to navigate to.
-
A vulnerability involving how Internet Explorer represents the origin of a file in the File Download Dialogue box. This flaw could enable an attacker to misrepresent the source of a file offered for download in an attempt to fool users into accepting a file download from an untrusted source believing it to be coming from a trusted source.
-
A Cross Domain verification vulnerability that occurs because of improper domain checking in conjunction with the Object tag. As a result, the vulnerability could enable a malicious web site operator to access data across different domains, for example one in a web site's domain and the other on the user's local file system and then pass information from the latter to the former. This could enable the web site operator to read, but not change, any file on the user's local computer that could be viewed n a browser window. In addition, this can also enable an attacker to invoke, but not pass parameters to, an executable on the local system, much like the 'Local Executable Invocation via Object tag' vulnerability discussed in MS02-015.
-
A newly reported variant of the 'Cross-Site Scripting in Local HTML Resource' vulnerability originally discussed in Microsoft Security Bulletin MS02-023. Like the original vulnerability, this variant could enable an attacker to create a web page that, when opened, would run in the Local Computer zone, allowing it to run with fewer restrictions than it would in the Internet Zone. In addition, the patch sets the Kill Bit on the MSN Chat ActiveX control discussed in Microsoft Security Bulletin MS02-022 as well as the TSAC ActiveX control discussed in Microsoft Security Bulletin MS02-046. This has been done to ensure that vulnerable controls cannot be introduced onto users? systems. Customers who use the MSN Chat control should ensure that they have applied the updated version of the control discussed in MS02-022 and customers who use the TSAC control should ensure that they have applied the updated version of the control discussed in MS02-046.
|
| Superceding Bulletin Id : |
None |
| Patch Release Date : |
Aug 21, 2002 |
| CVE Id : | CAN-2002-0647 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Internet Explorer 5.5 | Internet Explorer 5.5 SP1 |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\actxprxy.dll | 5.50.4724.1700 |
| %windir%\system32\digest.dll | 5.50.4724.1700 |
| %windir%\system32\plugin.ocx | 5.50.4724.1700 |
| %windir%\system32\shdoc401.dll | 5.50.4724.1700 |
| %windir%\system32\mshtmled.dll | 5.50.4724.1700 |
| %windir%\system32\shfolder.dll | 5.50.4724.1700 |
| %windir%\system32\url.dll | 5.50.4915.500 |
| %windir%\system32\mshtml.dll | 5.50.4731.2200 |
| %windir%\system32\shdocvw.dll | 5.50.4731.2200 |
| %windir%\system32\urlmon.dll | 5.50.4731.2200 |
| %windir%\system32\wininet.dll | 5.50.4730.700 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273} | | -2 |
|
|
| |
|
|
|
| |
|
|
| Patch Mgmt Features |
 |
|
|
| Desktop Mgmt Features |
|
|
|
| Forums |
|
|
|
| |
|
