Security 10748 Published by

Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities

Summary
Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:

The Browser Print Template vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
The File Upload via Form vulnerability, which could enable a malicious web site operator to read files on a visiting user's computer.
New variants of the Scriptlet Rendering and Frame Domain Verification vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user's computer.

Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-093.asp

Affected Software Versions
Microsoft Internet Explorer 5.x

Patch Availability
http://www.microsoft.com/windows/ie/download/critical/279328

Note: The patch requires IE 5.5 or IE 5.01 SP1 to install. Customers who install this patch on other versions may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q279328.

Note: Although one of the vulnerabilities discussed here only affects IE 5.5, the patch above is suitable for installation on either IE 5.5 or IE 5.01 SP1. The patch will detect the version of IE and only install the needed components.

Note: Per the normal security support policy for IE, security patches for Internet Explorer version 4.x are no longer being produced. Microsoft recommends that IE 4.x customers who are concerned about this issue consider upgrading to either IE 5.5 or IE 5.01 SP1.

Note: The fix for this issue will be included in IE 5.5 SP1 and IE 5.01 SP2.