Where can I get the patch for the IE 5.0 DHTML problem?

A. A. A problem exists with IE 5.0 which causes a potential security vulnerability due to the download Dynamic HTML (DHTML) behavior.

A new feature of DHTML in IE 5.0 allows web page authors to download files for use in client-side scripts. By design, a Web site should be able to download only files that reside in its domain; this prevents client-side code from exposing files on the your computer or local intranet to the Web site. However, a server-side redirect can be used to bypass this restriction. This vulnerability could allow a malicious Web site operator to potentially read (but not modify or erase) files on your computer or on other computers on your local intranet.

See http://www.microsoft.com/security/bulletins/ms99-040.asp and http://support.microsoft.com/support/kb/articles/q242/5/42.asp for more information on this.

A fix is available from http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm and once downloaded a file, q243638.exe will exist. Double click on this file and click Yes to install. You will then need to reboot your computer.

After the first reboot my computer used PROGMAN.EXE as its shell! Another reboot and it was fine.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.