Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 321309 - Last Review: March 29, 2007 - Revision: 2.5
MS02-019: Security Vulnerabilities in Internet Explorer and Office for Mac Can Cause Code to Run
This article was previously published under Q321309
Microsoft has released a patch to address two new security vulnerabilities in Internet Explorer for Macintosh.
The first vulnerability is an unchecked buffer that is associated with the handling of a particular HTML element. A security vulnerability results because an attacker can run a buffer-overrun attack that tries to exploit this flaw. A successful attack would have the result of causing the program to fail, or to cause code of the attacker's choice to run as if it were run under the user's permissions.
The second vulnerability is a flaw in how Internet Explorer for Macintosh handles certain HTML elements that run AppleScripts that are stored on the local computer. This flaw makes it possible for locally-stored AppleScripts to be started outside the typical security restrictions. A vulnerability results because it is possible for a malicious user to exploit this and cause AppleScripts to run without the user's consent. The AppleScripts would run as if they had been started by the user, and might take the same actions as any AppleScript that is legitimately started by the user.
Macintosh OS X
To resolve this problem, use the Software Update feature in Macintosh OS X version 10.1 to install the Internet Explorer 5.1 Security Update. Additional information about the Software Update feature is available at the following Apple Computer Web site:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
All Other Products
Download the update from the following Microsoft Web site:
NOTE: As of April 2002, an update is under development for Microsoft PowerPoint 98 for Macintosh. When this update is available, this article will be updated.
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.
APPLIES TO
- Microsoft Internet Explorer 5.0 for Macintosh
- Microsoft Outlook Express 4.0 for Macintosh
- Microsoft Word 2001 for Mac
- Microsoft Excel X for Mac
- Microsoft Excel 2001 for Mac
- Microsoft PowerPoint 2001 for Mac
- Microsoft PowerPoint 98 for Macintosh
- Microsoft Windows CE Platform Builder 3.0
- Microsoft Entourage X for Mac
- Microsoft Outlook Express 5.02 for Macintosh
- Microsoft Exchange Update for Entourage X (Office v. X 10.1.4 Update)
| kbbug kbenv kbfix kbsecurity KB321309 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please