Internet Explorer 3.02 & 4.0 Page Redirect Vulnerabily

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Paul Leach: "Re: IP DOS attacks -- Win95 patches available"
• Previous message: Craig H. Rowland: "Network Attack Trend Analysis"

Fix now available for Page Redirect issue
This page last updated on November 21, 1997

Microsoft is now providing a fix for a potential problem known as the
"Page Redirect" issue.

Who is affected
Users of the following versions of Internet Explorer could be affected
by the Page Redirect issue:
• Internet Explorer 4.0 for Windows 95 and Windows NT 4.0
• Internet Explorer 3.02 for Windows 95 and Windows NT 4.0

Note: The Page Redirect issue does not affect Internet Explorer for
Windows 3.1, Windows NT 3.51, or Macintosh. It does affect Preview 1
of Internet Explorer 4.0 for UNIX. Please note that Microsoft
recommends using preview versions for evaluation purposes only and
will fix this issue in the final version of Internet Explorer 4.0 for
UNIX. In the meantime, we advise that UNIX Preview 1 users do not
enter their authentication information at Web sites.

How to protect your computer
Download the patch below for your version of Internet Explorer to get
the easy and complete fix for the Page Redirect problem:
* [15]Download the Internet Explorer 4.0 for Windows 95 and Windows
NT 4.0 patch
* [16]Download the Internet Explorer 3.02 for Windows 95 and Windows
NT 4.0 patch

About the potential problem
When you connect to a site that requires basic user authentication
information (name and password), and the Web site redirects you to
another Web site, your authentication information could potentially be
captured by the second Web site. It can only be captured if the Web
site has malicious intent and uses special techniques to obtain the
authentication information.

Microsoft has received no reports of any Internet Explorer user being
affected by this problem to date.

Language availability
We are working on various localized versions of this patch and will
post them as they become available. Check the download link above for
your language version.

[17]Back to the topBack to the top
____________________________________________________________________

© [18]1997 Microsoft Corporation. All rights reserved. Terms of Use.
Last Updated: Friday, November 21, 1997
Photos: PhotoDisc; Jon Feingersh/Picture Network International

References

15. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredir40/patch.htm
16. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredir302/patch.htm

• Next message: Paul Leach: "Re: IP DOS attacks -- Win95 patches available"
• Previous message: Craig H. Rowland: "Network Attack Trend Analysis"