DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 328970 - Last Review: February 27, 2014 - Revision: 8.5

This article was previously published under Q328970
This article has been archived. It is offered "as is" and will no longer be updated.

On This Page

SUMMARY

Microsoft has released a cumulative patch for Internet Explorer. This patch includes updates for the issues that are described in the following Microsoft Knowledge Base articles:
323759  (http://support.microsoft.com/kb/323759/EN-US/ ) MS02-047: August 22, 2002, Cumulative Patch for Internet Explorer
321232  (http://support.microsoft.com/kb/321232/EN-US/ ) MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer
316059  (http://support.microsoft.com/kb/316059/EN-US/ ) MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer
319182  (http://support.microsoft.com/kb/319182/EN-US/ ) MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer
This cumulative patch also prevents the following security vulnerabilities:
  • A buffer-overrun vulnerability that occurs because Internet Explorer does not correctly check the parameters of Portable Network Graphics (PNG) files when they are opened. To the best of Microsoft's knowledge, this vulnerability can be used only to cause Internet Explorer to stop working. The effect of exploiting this vulnerability against Internet Explorer is relatively minor. You have only to restart Internet Explorer to restore typical operation. However, a number of other Microsoft products (notably, most Microsoft Office products and Microsoft Index Server) rely on Internet Explorer to render PNG files. Exploiting this vulnerability against such a program causes them to stop working also. Because of this, Microsoft recommends that customers install this patch whether or not they are using Internet Explorer as the primary Web browser.
  • An information-disclosure vulnerability that is related to the way in which Internet Explorer handles encoded characters in a Web address (URL). This vulnerability might permit an attacker to craft a URL that contains some encoded characters. The encoded characters might redirect you to a second Web site. If you follow the URL, the attacker can gain the same access as you on the second Web site. This might permit the attacker to access any information that you share with the second Web site.
  • A vulnerability that occurs because Internet Explorer does not, under some conditions, correctly check the component that the OBJECT tag calls. This might permit an attacker to obtain the name of the Temporary Internet Files folder on your local computer. This vulnerability does not permit an attacker to read or modify any files on your local computer because the Temporary Internet Files folder is located in the Internet security zone. Knowing the name of the Temporary Internet Files folder might permit an attacker to identify the user name of the logged-on user, and to read other information in the Temporary Internet Files folder (such as cookies).
  • Three vulnerabilities that, although they have different root causes, have the same effects. All three vulnerabilities occur because incomplete security checks occur out when particular programming techniques are used in Web pages. These vulnerabilities might permit one Web site to access information from another domain, including your local computer. This might permit the Web site operator to read, but not to change, any file that can be viewed in a browser window on your local computer . These vulnerabilities might also permit an attacker to start a program file that is already present on your local computer.
This cumulative patch also sets the "kill" bit on the MSN Chat ActiveX control that is described in the following Microsoft Security Bulletin:
MS02-022: http://www.microsoft.com/technet/security/bulletin/MS02-022.mspx (http://www.microsoft.com/technet/security/bulletin/MS02-022.mspx)
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
240797  (http://support.microsoft.com/kb/240797/EN-US/ ) How to Stop an ActiveX Control from Running in Internet Explorer
810202  (http://support.microsoft.com/kb/810202/EN-US/ ) Security Vulnerability in DirectX Files Viewer ActiveX Control
This process makes sure that a vulnerable control cannot be added to your computer. For additional information about known issues that can occur when you install this update, click the following article number to view the article in the Microsoft Knowledge Base:
325192  (http://support.microsoft.com/kb/325192/EN-US/ ) Issues After You Install Updates to Internet Explorer or Windows
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910  (http://support.microsoft.com/kb/260910/EN-US/ ) How to Obtain the Latest Windows 2000 Service Pack

MORE INFORMATION

For more information about this patch, visit the following Microsoft Web site:
http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx)

Download Information

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download the 328970 package now (http://www.microsoft.com/windows/ie/downloads/critical/q328970/default.mspx)
Release Date: November 20, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information

You can install the Internet Explorer 6 version of this update on Internet Explorer 6 or on Internet Explorer 6 Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328548  (http://support.microsoft.com/kb/328548/EN-US/ ) How to Obtain the Latest Service Pack for Internet Explorer 6
The Internet Explorer 5.5 version of this update requires Internet Explorer 5.5 Service Pack 2 (SP2). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
276369  (http://support.microsoft.com/kb/276369/EN-US/ ) How to Obtain the Latest Service Pack for Internet Explorer 5.5
The Internet Explorer 5.01 for Windows 2000 version of this update requires Windows 2000 Service Pack 3 (SP3). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910  (http://support.microsoft.com/kb/260910/EN-US/ ) How to Obtain the Latest Windows 2000 Service Pack
You must restart your computer after you apply this update.

This package supports the following switches:
  • /q Specifies Quiet mode, or suppresses prompts, when files are being extracted.
  • /q:u Specifies User-Quiet mode, which presents some dialog boxes to the user.
  • /q:a Specifies Administrator-Quiet mode, which does not present any dialog boxes to the user.
  • /t:path Specifies the target folder for extracting files.
  • /c Extracts the files without installing them.
  • /c:path Specifies the path and name of the Setup .inf or .exe file.
  • /r:n Never restarts the computer after installation.
  • /r:i Restart if a restart is required--automatically restarts the computer if the computer must be restarted to complete installation.
  • /r:a Always restarts the computer after installation.
  • /r:s Restarts the computer after installation without prompting the user.
  • /n:v No version checking--installs the program over any previous version.
For example, the file name /q:a /r:n command installs the update without any user intervention, and does not force the computer to restart.

WARNING: Your computer is vulnerable until you restart it and log on as an administrator to complete the installation.

NOTE: You cannot successfully install this update on Microsoft Windows XP-based computers in non-interactive mode (for example, by using Windows Task Scheduler, Microsoft Systems Management Server, or the IBM Tivoli software). Microsoft is researching this problem and will post more information in this article when the information becomes available.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed in the %Windir%\System32 folder.

Internet Explorer 6 with SP1 (32-bit)

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   29-Aug-2002  09:23  6.0.2800.1106     91,136  Advpack.dll
   10-Oct-2002  22:17  6.0.2800.1126  2,787,840  Mshtml.dll
   10-Oct-2002  22:18  6.0.2800.1126    483,328  Urlmon.dll

Internet Explorer 6 with SP1 (64-bit)

   Date         Time   Version        Size       File name
   --------------------------------------------------------
   15-Oct-2002  17:21  6.0.2800.1126  9,064,448  Mshtml.dll
   15-Oct-2002  17:26  6.0.2800.1126  1,410,560  Urlmon.dll

Internet Explorer 6

   Date         Time   Version       Size       File name
   --------------------------------------------------------
   15-Oct-2002  18:37  6.0.2722.900  2,764,288  Mshtml.dll
   16-Oct-2002  22:38  6.0.2722.900     34,304  Pngfilt.dll
   05-Mar-2002  01:09  6.0.2715.400    548,864  Shdoclc.dll
   11-Oct-2002  17:53  6.0.2722.900  1,336,832  Shdocvw.dll
   16-Oct-2002  22:38  6.0.2715.400    109,568  Url.dll
   11-Oct-2002  17:53  6.0.2722.900    481,280  Urlmon.dll
   06-Jun-2002  18:38  6.0.2718.400    583,168  Wininet.dll

Internet Explorer 5.5 with SP2

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   06-Jun-2000  21:43  5.50.4134.600     92,432  Advpack.dll
   17-Oct-2002  00:36  5.50.4922.900  2,757,392  Mshtml.dll
   17-Oct-2002  01:01  5.50.4922.900     48,912  Pngfilt.dll
   15-Oct-2002  22:40  5.50.4922.900  1,149,200  Shdocvw.dll
   05-Mar-2002  02:53  5.50.4915.500     84,240  Url.dll
   15-Oct-2002  22:41  5.50.4922.900    451,344  Urlmon.dll
   06-Jun-2002  22:27  5.50.4918.600    481,552  Wininet.dll

Internet Explorer 5.01 on Windows 2000 SP3

   Date         Time   Version        Size       File name
   ---------------------------------------------------------
   15-Oct-2002  15:57  5.0.3510.1100  2,358,032  Mshtml.dll
   14-Oct-2002  16:28  5.0.3510.1100     48,912  Pngfilt.dll
   14-Oct-2002  17:02  5.0.3510.1100  1,106,704  Shdocvw.dll
   05-Mar-2002  02:53  5.50.4915.500     84,240  Url.dll
   14-Oct-2002  17:02  5.0.3510.1100    455,952  Urlmon.dll
   08-Jun-2002  00:56  5.0.3506.1000    461,584  Wininet.dll
NOTE: Because of file dependencies, these updates may also contain additional files.

APPLIES TO
  • Microsoft Internet Explorer 6.0 Service Pack 1, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
    • Microsoft Windows NT Server 4.0 Standard Edition
    • Microsoft Windows NT Server 4.0, Terminal Server Edition
    • Microsoft Windows NT Workstation 4.0 Developer Edition
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Media Center Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
    • Microsoft Windows NT Server 4.0 Standard Edition
    • Microsoft Windows NT Server 4.0, Terminal Server Edition
    • Microsoft Windows NT Workstation 4.0 Developer Edition
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
  • Microsoft Internet Explorer 5.5 Service Pack 2
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.01
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbwin2000presp4fix kbsecvulnerability kbie600presp2fix kbsecurity kbie600sp2fix kbie550presp3fix kbsecbulletin kbwin2ksp4fix KB328970
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support