Internet Explorer Security Patches IE Security Patches for 2000 Forrest Stroud
Internet Explorer Security Patches for 2000
12.04.00. The "Browser Print Template" and "File Upload via Form" Vulnerabilities Patch eliminates four security vulnerabilities in Internet Explorer 5.x: the "Browser Print Template" vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site; the "File Upload via Form" vulnerability, which could enable a malicious web site operator to read files on a visiting user's computer; and new variants of the "Scriptlet Rendering" and "Frame Domain Verification" vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user's computer.
10.13.00. The "Cached Web Credentials" Vulnerability Patch eliminates a security vulnerability that could, under "a daunting set of conditions", enable a malicious user to obtain another user’s userid and password to a Web site. Internet Explorer 5.5 is not affected by this vulnerability, but all versions of IE 4 and 5 prior to 5.5 are susceptible.
08.10.00. The "Scriptlet Rendering" and "Frame Domain Verification" Vulnerabilities Patch eliminates two security vulnerabilities that could allow a malicious web site operator to view files on the computer of visiting user. The malicious web site operator would need to know the name and location of the file on the user's computer, and could only view files that can be opened in a browser window. Both vulnerabilities require Active Scripting in order to be effective. If the malicious site were included in a Security Zone that does not allow Active Scripting, the vulnerabilities could not be exploited.
06.29.00. The "Active Setup Download" Vulnerability Patch eliminates a security vulnerability in an ActiveX control that ships with IE that could be used to overwrite files on the computer of a user who visited a malicious Web site. All versions of IE 4 and 5 are susceptible to this vulnerability.
06.05.00. The "SSL Certificate Validation" Vulnerabilities Patch eliminates two vulnerabilities that involve how IE handles digital certificates. Under a very daunting set of circumstances, they could allow a malicious Web site operator to pose as a trusted web site. All versions of IE 4 and 5 are susceptible to these two vulnerabilities.
06.02.00. The "HTML Help File Code Execution" Vulnerability Patch eliminates a vulnerability that could allow, under certain condidions, a malicious Web site to take inappropriate action on the computer of a visiting user. All versions of Internet Explorer 4 and 5 are susceptible to this vulnerability.
05.17.00. The May 17th IE Security Update is a comprehensive patch that eliminates three security vulnerabilities in Internet Explorer 4/5: the "Frame Domain Verification" vulnerability, which could allow a malicious web site operator to read, but not change or add, files on the computer of a visiting user; the "Unauthorized Cookie Access" vulnerability, which could allow a malicious web site operator to access "cookies" belonging to a visiting user; and the "Malformed Component Attribute" vulnerability, which could allow a malicious web site operator to run code on the computer of a visiting user. The patch also eliminates a new variant of the previously-addressed WPAD Spoofing vulnerability. The security update patches versions 4.0, 4.01, 5.0, and 5.01 of IE (it will not work on beta releases of IE 5.5 or versions of IE earlier than 4.0).
02.17.00. The "Image Source Redirect" Vulnerability Patch eliminates a vulnerability that could allow a malicious Web site operator to read (but not add, change, or delete) certain types of files on your computer. All versions of Internet Explorer 4 and 5 are susceptible to this vulnerability.
