Version: 2008
  • On MovieTome: First Look: Jessica Alba in 'Machete'!
advertisement
Click Here

Internet Explorer - Cumulative Security Update (832894) 1.0

  • Quick specs
  • Price: Update
  • Operating system: Windows 95, Windows NT, Windows XP, Windows 2000, Windows 98
  • Date added: February 01, 2004
  • Total Downloads: 589
  • Downloads last week: 2
  • See full specifications
Add to my list Add to my Watch List
Download Now
Tested spyware free

Publisher's description

From Microsoft :

Who should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the security update immediately.

This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities:

  • A vulnerability that involves the cross-domain security model of Internet Explorer. The cross domain security model of Internet Explorer keeps windows of different domains from sharing information. This vulnerability could result in the execution of script in the Local Machine zone. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who exploited this vulnerability could access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system. This code would run in the security context of the currently logged on user.
  • A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicked a link. No dialog box would request that the user approve this download. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, code of the attacker's choice would not be executed, but could be saved on the user's computer in a targeted location.
  • A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, an Internet Explorer window could open with a URL of the attacker's choice in the address bar, but with content from a Web Site of the attacker's choice inside the window. For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. (Note: these web sites are provided as an example only, and both redirect to http://www.microsoft.com.)

    Faronics Anti-Executable Standard
    Restrict user's ability to run or install any executable program.
    Download Now

More popular Web Browsers downloads

  1. 77,776 downloads 1. Mozilla Firefox
  2. 52,523 downloads 2. Internet Explorer
  3. 41,042 downloads 3. Avant Browser
  4. 22,217 downloads 4. Google Chrome
  5. 13,974 downloads 5. Opera
  6. See all Web Browsers downloads
BounceBack Ultimate
Continuous Data Protection.
Download Now

User reviews

Write your own review Be the first one to review Internet Explorer - Cumulative Security Update (832894) 1.0 and share your experience with the CNET community!
Previous versions: See all user reviews

Submit your review

Log in or create an account to submit your review for:

Internet Explorer - Cumulative Security Update (832894) 1.0

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
DHTML,
HTML,
address bar,
attacker,
vulnerability

advertisement
Click Here
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET