Malformed Favorites Icon and Legacy ActiveX Control Vulnerability
Two security vulnerabilities exist in Microsoft® Internet Explorer 4.0 and 5. The first potentially could allow arbitrary code to be run on a user's computer. The second potentially could allow the local hard drive to be read.
Issue
This update eliminates two vulnerabilities:
- The "Malformed Favorites Icon" vulnerability. The Favorites feature allows IE users to keep a list of their favorite web sites. In IE 5, the Favorites list can contain icons that are supplied by the associated web sites. However, there is an unchecked buffer in the implementation. A specially malformed icon could overrun the buffer and be used to run arbitrary code on the user's computer. This vulnerability only affects IE 5 when run on Windows 95 or 98; it does not affect Windows NT systems.
- The "Legacy ActiveX Control" vulnerability. An ActiveX control that was used by previous versions of IE also was included in IE 4.0 and IE 5 even though it is not used by either. It could be misused to allow a web site to read the user's local hard drive. The update eliminates the vulnerability by removing the control.
Affected Products
- Internet Explorer 4.0 and 5.0
Download
Patch: http://www.microsoft.com/windows/ie/security/favorites.asp
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: May 27, 1999