Internet Explorer 3.02 & 4.0 Page Redirect Vulnerabily

From: Aleph One (aleph1at_private)
Date: Fri Nov 21 1997 - 13:03:09 PST

Next message: Paul Leach: "IP DOS attacks -- Win95 patches available"

Previous message: Craig H. Rowland: "Network Attack Trend Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.microsoft.com/ie/security/redirect.htm

   Fix now available for Page Redirect issue
   This page last updated on November 21, 1997

   Microsoft is now providing a fix for a potential problem known as the
   "Page Redirect" issue.

   Who is affected
   Users of the following versions of Internet Explorer could be affected
   by the Page Redirect issue:
     &#149; Internet Explorer 4.0 for Windows 95 and Windows NT 4.0
   &#149; Internet Explorer 3.02 for Windows 95 and Windows NT 4.0

   Note: The Page Redirect issue does not affect Internet Explorer for
   Windows 3.1, Windows NT 3.51, or Macintosh. It does affect Preview 1
   of Internet Explorer 4.0 for UNIX. Please note that Microsoft
   recommends using preview versions for evaluation purposes only and
   will fix this issue in the final version of Internet Explorer 4.0 for
   UNIX. In the meantime, we advise that UNIX Preview 1 users do not
   enter their authentication information at Web sites.

   How to protect your computer
   Download the patch below for your version of Internet Explorer to get
   the easy and complete fix for the Page Redirect problem:
     * [15]Download the Internet Explorer 4.0 for Windows 95 and Windows
       NT 4.0 patch
     * [16]Download the Internet Explorer 3.02 for Windows 95 and Windows
       NT 4.0 patch

   About the potential problem
   When you connect to a site that requires basic user authentication
   information (name and password), and the Web site redirects you to
   another Web site, your authentication information could potentially be
   captured by the second Web site. It can only be captured if the Web
   site has malicious intent and uses special techniques to obtain the
   authentication information.

   Microsoft has received no reports of any Internet Explorer user being
   affected by this problem to date.

   Language availability
   We are working on various localized versions of this patch and will
   post them as they become available. Check the download link above for
   your language version.


   [17]Back to the topBack to the top
   ____________________________________________________________________

   © [18]1997 Microsoft Corporation. All rights reserved. Terms of Use.
   Last Updated: Friday, November 21, 1997
   Photos: PhotoDisc; Jon Feingersh/Picture Network International

References

  15. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredir40/patch.htm
  16. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredir302/patch.htm

Next message: Paul Leach: "IP DOS attacks -- Win95 patches available"
Previous message: Craig H. Rowland: "Network Attack Trend Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:37 PDT