Microsoft Security Bulletin MS02-005
|
|
11 February 2002 Cumulative Patch for Internet Explorer
Originally posted: February 11, 2002
Summary
Who should read this bulletin: Customers using Microsoft® Internet
Explorer
Impact of vulnerability: Six vulnerabilities, the most serious
of which could allow an attacker to run code on another user’s
system.
Maximum Severity Rating: Critical
Recommendation: Customers using an affected version of IE should
install the patch immediately.
Affected Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Technical details
Frequently asked questions
Patch availability
Download locations for this patch
Additional information about this patch
Other information:
Acknowledgments
Microsoft thanks
the following people for working with us to protect customers:
- The dH team and SECURITY.NNOV team for reporting
the buffer overrun vulnerability.
- Sandro Gauci of GFI security labs (http://www.gfi.com/) for reporting the
application invocation vulnerability.
Support:
- Microsoft Knowledge Base articles Q316059, Q317727, Q317726, Q317745,
Q317729, and Q317742 discuss these issues and will be available approximately
24 hours after the release of this bulletin. Knowledge Base articles
can be found on the Microsoft
Online Support web site.
- Technical support is available from Microsoft
Product Support Services. There is no charge for support calls
associated with security patches.
Security Resources: The Microsoft
TechNet Security Web Site provides additional information about
security in Microsoft products.
Disclaimer:
The information provided in the Microsoft Knowledge Base is provided
"as is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability
and fitness for a particular purpose. In no event shall Microsoft Corporation
or its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if Microsoft Corporation or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential or incidental damages so
the foregoing limitation may not apply.
Revisions:
- V1.0 (February 11, 2002): Bulletin Created.
|