ID: Q176697
The information in this article applies to:
This article describes the following security issues in Internet Explorer, and the patches that address these issues:
NOTE: These patches are included in Internet Explorer 4.01 Service Pack 1.
NOTE: These patches are included in Internet Explorer 4.01 and Internet Explorer 4.01 Service Pack 1.
ARTICLE-ID: Q185957
TITLE : Microsoft Internet Explorer 4.01 Service Pack 1 Available
Microsoft has posted a fix to protect Internet Explorer customers against a potential problem known as the MK Overrun issue. This issue can cause Internet Explorer 4.0 or 4.01 to stop responding (hang) when a malicious Web site uses a "mk://" Web address that contains more characters than Internet Explorer supports. These extra characters could form a malicious executable file that could be run on your computer.
This issue was originally reported on the following Web site:
http://l0pht.com/advisories.html.
This issue affects customers who use the following products:
NOTE: Microsoft Windows 3.1, Microsoft Windows NT 3.5, Macintosh, and Unix versions of Internet Explorer are not affected by this issue. The patches will eventually be available in several languages.
For additional information (or to download the patch), please see the following Microsoft Web site:
http://www.microsoft.com/ie/security/?/ie/security/mk.htm
The MK Overrun patch updates the Urlmon.dll file in the Windows\System or
Winnt\System32 folder to the following size, date, and version:
Browser Platform   Size (in bytes)   Date      Version
----------------------------------------------------------
Windows 95         483,600           1/15/98   4.72.2915.0
Windows NT 4.0     484,112           1/15/98   4.72.2915.0
To uninstall this patch, extract the original Urlmon.dll file from the
Internet Explorer 4.0 or 4.01 Ie4_s3.cab cabinet file.
Microsoft has posted a fix to protect Internet Explorer customers against a potential problem known as the Embed Buffer Overrun issue. This issue can cause Internet Explorer 4.0 or 4.01 to stop responding (hang) when you view a malicious Web page containing the "EMBED" tag. It is very difficult, but possible, for a knowledgeable Web page developer to cause a malicious executable file to be run on your computer when you load a Web page that contains the "EMBED" tag.
This issue was originally reported on the following Web sites:
For additional information (or to download the patch), please see the following Microsoft Web site:
http://www.microsoft.com/ie/security
The Embed Buffer Overrun patch updates the Mshtml.dll file in the
Windows\System or Winnt\System32 folder to the following size, date, and
version:
NOTE: This information applies to the US versions of the patch. Updates for other language versions, the Macintosh and UNIX versions of Internet Explorer, and Internet Explorer Administration Kit will be available at a later date.
This is an update to Microsoft Internet Explorer that resolves an issue in which a malicious Web site, when visited, is able to use script to read a file on the user's system. Downloading this update will prevent possible unauthorized access to your computer. This update also includes the Microsoft Internet Explorer Cross Frame Navigation Security Update, which was previously released on Windows Update.
Internet Explorer 4.0 for Windows 95 (patch name: Em4095.exe):
Size (bytes)   Date               Version
----------------------------------------------
2,408,208      03/27/98 10:55pm   4.71.1712.20
Internet Explorer 4.0 for Windows NT 4.0 (patch name: Em40nt.exe):
Size (bytes)   Date               Version
----------------------------------------------
2,407,696      03-27-98 10:52pm   4.71.1712.20
Internet Explorer 4.01 for Windows 95 (patch name: Em40195.exe):
Size (bytes)   Date               Version
----------------------------------------------
2,398,992      03-27-98 5:38pm    4.72.2106.20
Internet Explorer 4.01 for Windows NT 4.0 (patch name: Em401nt.exe):
Size (bytes)   Date               Version
----------------------------------------------
2,402,064      3-27-98 5:48pm     4.72.2106.20
To uninstall the patch, extract the original Mshtml.dll file from the
Internet Explorer 4.0 or 4.01 Ie4_s2.cab (Windows 95) or Ie4nt_1.cab
(Windows NT 4.0) cabinet file.
When you connect to a Web site that requires user authentication information (name and password), and the Web site redirects you to another Web site, your authentication information may be captured by the second Web site.
NOTE: Microsoft has received no reports of any Internet Explorer user being affected by this problem to date.
Internet Explorer 3.02 users should download the Redir302.exe patch. Internet Explorer 4.0 users should download the Redir40.exe patch.
Microsoft has confirmed this to be a problem in Internet Explorer versions 3.02 and 4.0 for Windows 95 and Windows NT 4.0, and has provided a patch that fixes the problem.
NOTE: The Page Redirect issue does not affect Internet Explorer for Windows 3.1, Windows NT 3.51, or Macintosh. It does affect Platform Preview 1 of Internet Explorer 4.0 for UNIX on Sun Solaris. Note that Microsoft recommends using preview versions for evaluation purposes only and will fix this issue in the final version of Internet Explorer 4.0 for UNIX on Sun Solaris. In the meantime, we recommend that Platform Preview 1 of Internet Explorer 4.0 for UNIX on Sun Solaris users do not enter their authentication information at Web sites.
When you install this patch, the Wininet.dll file in the Windows\System folder (in Windows 95) or Winnt\System32 folder (in Windows NT) is updated as follows:
Browser                  Version       Size      Date
----------------------------------------------------------------
Internet Explorer 3.02   4.70.1323     300,816   11/03/97 11:32a
Internet Explorer 4.0    4.71.2113.0   368,400   11/14/97 11:19a
A malicious Web page author could create a Web page with a link containing the "res://" URL type using more characters than the "res://" URL type was designed to support (256 characters). When you navigate to such a link, the characters beyond the first 256 could contain malicious code that could be executed on your computer.
Microsoft has confirmed this to be a problem in Internet Explorer version 4.0 for Windows 95, and has provided a patch that fixes the problem. Note that this problem does not affect Windows NT, Windows 3.1, or Macintosh users of Internet Explorer 4.0, or any other versions of Internet Explorer.
When you install this patch, the Mshtml.dll file is updated to version 4.71.2110.0 (2,408,208 bytes, last modified on 11/10/97) on Windows 95 only.
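The class of bug described above for "res://" URLs, as an added illustration that is not Microsoft's code: an unchecked copy into a fixed-size buffer beside a form that rejects over-long input instead of copying it. The function names, and the reading of the 256-character limit as covering the whole URL including the scheme, are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define RES_URL_MAX 256 /* "res://" limit quoted in the article */

/* Unchecked pattern, shown for contrast and never called: strcpy copies
 * until the NUL, so a URL longer than dst writes past the buffer's end. */
void copy_url_unchecked(char *dst, const char *url)
{
    strcpy(dst, url);
}

/* Hardened form (hypothetical helper): check scheme and length before copying.
 * dst_size is the capacity of dst including the terminating NUL.
 * Returns 0 on success, -1 if the URL is rejected. */
int copy_url_checked(char *dst, size_t dst_size, const char *url)
{
    const char *end;
    if (dst == NULL || url == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (strncmp(url, "res://", 6) != 0)
        return -1;                      /* not a res:// URL */
    end = memchr(url, '\0', dst_size);  /* scans at most dst_size bytes */
    if (end == NULL)
        return -1;                      /* too long: reject, never truncate */
    memcpy(dst, url, (size_t)(end - url) + 1);
    return 0;
}

/* Builds a constructed res:// URL of total_len characters and returns the
 * verdict of copy_url_checked for a 256-character destination. */
int check_constructed_url(size_t total_len)
{
    char url[1024], dst[RES_URL_MAX + 1];
    if (total_len < 6 || total_len >= sizeof url)
        return -1;
    memcpy(url, "res://", 6);
    memset(url + 6, 'A', total_len - 6);
    url[total_len] = '\0';
    return copy_url_checked(dst, sizeof dst, url);
}

int main(void)
{
    printf("256 chars: %d\n", check_constructed_url(256));
    printf("257 chars: %d\n", check_constructed_url(257));
    return 0;
}
```

Rejecting rather than truncating matters here: a silently shortened URL can resolve to a different resource than the one that was validated.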
Microsoft has released a patch for Internet Explorer 4.0 for Windows 95 and Windows NT 4.0 to protect your computer against a potential problem with Internet Explorer 4.0 known as the "Freiburg" text-viewing issue.
NOTE: The Windows 95 version of this patch is no longer available on Microsoft's Web site. The "Freiburg" patch is included in the Buffer Overrun patch for Windows 95 only.
When you install this patch, the Mshtml.dll file is updated to version 4.71.2016.0.
NOTE: The version number reported when you click About Internet Explorer on the Help menu (version 4.71.1712.6) and the Internet Explorer 4.0 user agent string (Mozilla/4.0 [compatible; MSIE4.0;Window 95]) are unchanged for this patch.
The potential problem exposed by the "Freiburg" text-viewing issue could allow a malicious Web site to obtain the contents of a text, Hypertext Markup Language (HTML), or graphics file from your hard disk. The file obtained cannot be damaged or manipulated on your computer, but it can be viewed.
A malicious person could create a Web page that is intentionally designed to exploit the "Freiburg" text-viewing issue. The Web page must be specifically designed to use the exact name and location of a text, HTML, or graphics file on your hard disk. Even if the exact name and location of a file is used, the Web site cannot destroy or tamper with any data, and data cannot be obtained from files other than text, HTML, or graphics files.
To protect your computer against this problem, disable scripting for unfamiliar Web sites by using the security zones feature of Internet Explorer 4.0. Network administrators can also use security zones to prevent this problem from occurring on their intranet.
To disable scripting for unfamiliar Web sites, follow these steps in Internet Explorer:
1. On the View menu, click Internet Options, and then click the Security
tab.
2. In the Zone box, click Restricted Sites Zone.
3. Under Restricted Sites Zone, click Custom (For Expert Users), and then
click Settings.
4. Under Active Scripting, click Disable, and then click OK.
5. To add a specific Web site to the Restricted Sites Zone, click Add
Sites.
6. Type a Web address in the "Add this Web site to the zone" box, and
then click Add.
7. Click OK, and then click OK again.
For additional information about Internet Explorer 4.0 security zones, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q174360
TITLE : How to Use Security Zones in Internet Explorer 4.0
Version : UNIX:4.01,5; WINDOWS:3.02,4.0,4.01,5
Platform : UNIX WINDOWS
Last Reviewed: May 13, 1999