Guest Connected: 28356   Bookmark Us     Contact Us  
Total Shareware
Currently Listed: 244,953 Applications


  Utilities - Patches and Updates

Link To Program

  Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patch  -  Version  6-8-2000

Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft® Internet Explorer. Under certain conditions, the vulnerability could allow a malicious web site to take inappropriate action on the computer of a visiting user. The HTML Help facility provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site. A web site could only invoke an HTML Help file if it resided on a UNC share accessible from the user's machine, or on the user's machine itself. A firewall that blocks Netbios would prevent the former case from being exploited. Adhering to standard security practices would prevent the latter. In addition, an HTML Help file could only be invoked if Active Scripting was permitted in the Security Zone that the malicious user's site resides in. The patch eliminates the vulnerability by only allowing an HTML Help file to use shortcuts if the help file resides on the local machine.

To link to this program use the html below (use text editor and check the exact syntax):

<a href="http://www.TotalShareware.com/LinkToItem.aspx?id=8893">View this program at www.TotalShareware.com</a>

This link will appear like:

View this program at www.TotalShareware.com