ie8 fix
Click Here

Microsoft Security Bulletin MS02-068

Publisher's Description

From Microsoft:

This is an updated bulletin describing a cumulative patch for Internet Explorer 5.5 and 6.0. The original patch is unchanged and, in addition to including the functionality of all previously released patches for Internet Explorer 5.5 and 6.0, eliminates one additional flaw in Internet Explorer's cross-domain security model. This flaw occurs because the security checks that Internet Explorer carries out when particular object caching techniques are used in web pages are incomplete. This could have the effect of allowing an attacker to execute commands on a user's system.

Exploiting the vulnerability could enable an attacker to invoke an executable that was already present on the local system. It could also allow an attacker to load a malicious executable onto a user's system, or to pass parameters to an executable. However, a registry key setting discussed in Microsoft Knowledge Base Article 810687 disables shortcuts in HTML Help, which significantly reduces the scope of this vulnerability as it removes the ability to load a malicious executable on a user's system or to pass parameters to an executable.

An attacker could exploit the vulnerability by constructing a web page that uses a cached programming technique, and could then either host it on a web site or send it to a user via email. In the case of the web-based attack vector the page could be automatically opened when a user visited the site. In the case of the HTML mail-based attack vector, the page could be opened when the recipient opened the mail or viewed it using the Preview pane.

On December 4, 2002, Microsoft released the original version of this bulletin. Subsequent to that time, Microsoft received a report suggesting that the vulnerability addressed by this bulletin could be exploited to run arbitrary code on a user's machine. Microsoft investigated that report, and was able to develop a demonstration that exploits the vulnerability to run arbitrary code. We have released this updated bulletin to advise customers of our new assessment of the potential impact of the vulnerability, and of its updated severity rating.

The original patch released with this bulletin was and is effective in preventing exploitation of the vulnerability. It is also effective in eliminating all vulnerabilities addressed by prior bulletins that could allow a malicious party to run code on the machine of a user who visited a hostile web site or opened a malicious HTML email message. Microsoft strongly urges all customers to install the patch.

Click Here!
PerfectUpdater
Update drivers, stop system crashes
Download Now

More Popular Operating Systems & Updates downloads

  1. CNET TechTracker

    248,527 downloads

  2. DriverMax

    45,275 downloads

  3. SlimDrivers Free

    29,157 downloads

  4. Windows 7 USB/DVD Download Tool

    16,710 downloads

  5. Windows 7 (Professional)

    12,103 downloads

 
Roxio 3D Photo Creator
Create stunning 3D images even from photos taken with a standard camera.
Download Now
All User Reviews

Add Your Review

or Log in or create an account to post a review.
You are logged in as . Please submit your review for Microsoft Security Bulletin MS02-068 Q324929
Add Your Review

The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.

Submit your reply

Submit

The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.

cancel

E-mail this review

Submit cancel

Report offensive content

If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed.

Select type of offense:

Offensive: Sexually explicit or offensive language
Spam: Advertisements or commercial links
Disruptive posting: Flaming or offending other users
Illegal activities: Promote cracked software, or other illegal content
Submit cancel

See more CNET content tagged:

Microsoft Internet Explorer 5.5,
attacker,
bulletin,
executable,
vulnerability
Click Here

Error

close

ERROR MESSAGE

If you think this is an error, please contact CNET TechTracker Support for further assistance.

Ok

Running Request

close

loading

Smart Install Software

close

CNET TechTracker will now automatically install software without requiring further action by you. (Note: This feature automatically accepts associated EULAs and third party applications on your behalf.)

You have selected the following software to Smart Install:

CNET TechTracker will attempt to install this software without interrupting you again. If an application requires manual installation, CNET TechTracker will download the installer and prompt you to take further action.

Proceed with Smart Install?

Confirm Standard Install Cancel

Submit a problem report for Microsoft Security Bulletin MS02-068

close

Please describe the problem you have with this software. This information will be sent to our editors for review.

Problem:

The CNET Installer isn't working as expected

The download link does not work

The software has a newer version

The software contains malware

Other

Description:

Please select a feedback type.

Please enter a description.

Submit Problem Report

Problem Report submitted

close

Thank you for submitting a problem report! The Download team is committed to providing you with accurate software information.

OK