After you install security update 896358 or Microsoft Windows Server 2003 Service Pack 1 (SP1), you may experience one or both of the following symptoms after you click a link to an HTML Help .chm file in Internet Explorer:
- Topics in the .chm file cannot be viewed when you click Open instead of Save in the File Download dialog box.
- Topics in the .chm file cannot be viewed when you click Save in the File Download dialog box, and you then try to open the file.
Note This article contains information that is supplemental to the following Microsoft Knowledge Base articles:
232077Â
(http://kbalertz.com/Feedback.aspx?kbNumber=232077/
)
Executing files by hyperlink and the File Download dialog box
896054Â
(http://kbalertz.com/Feedback.aspx?kbNumber=896054/
)
You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
896358Â
(http://kbalertz.com/Feedback.aspx?kbNumber=896358/
)
MS05-026: A vulnerability in HTML Help could allow remote code execution
Security update 896358 and Windows Server 2003 SP1 include changes to the InfoTech protocol that block the ability to view remote content. These changes were introduced to reduce security vulnerabilities in HTML Help. After you install 896358 or Windows Server 2003 SP1, files in the Temporary Internet Files folder are treated as content from the Internet zone. Therefore, files may be blocked when you click
Open in the
File Download dialog box. Additionally, after you install 896358 or Windows Server 2003 SP1, Attachment Manager may treat a downloaded .chm file as an untrusted file. Therefore, you may not be able to open the file. These effects are expected and intended effects of installing the security update and of installing Windows Server 2003 SP1.
Resolution for end users
Warning If you are prompted to open or to save a .chm file from a Web site, you should do so only if you need the file and if you trust the Web site that is providing the file.
In the
File Download dialog box, click
Save, and then choose where you want to save the .chm file. Then, use one of the following methods:
Method 1
- Double-click the .chm file.
- In the Open File-Security Warning dialog box, click to clear the Always ask before opening this file check box.
- Click Open.
Method 2
- Right-click the CHM file, and then click Properties.
- Click Unblock.
- Double-click the .chm file to open the file.
Resolution for system administrators
To resolve this issue, use one of the following methods.
Use UNC file paths and file shares to link to .chm files
If your intranet Web page uses the HTTP URL scheme to link to .chm files, security update 896358 may prevent users from seeing topics in the .chm file. Replacing an HTTP file path with a UNC file path can make it possible again to open .chm files from the Web page.
To use a UNC file path instead of an HTTP URL, follow these steps:
- Put the .chm files on a file share server that can be addressed by using a UNC file path.
A UNC file path looks similar to the following path:\\productmanuals\helpfiles
- Use the ItssRestrictions\UrlAllowList value to enable the systems in your intranet to access the .chm files from that file share.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
896054Â
(http://kbalertz.com/Feedback.aspx?kbNumber=896054/
)
You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
- Update the links on your intranet Web page to use UNC file paths in the URLs that link to the .chm files.
Note This method works only for pages that are served from the Intranet zone. This method does not work for pages that are served from the Internet zone.
Set up Web applications to download .chm files
On the Web page that links to .chm files, add instructions that advise the user to save the file instead of opening the file directly. For more information, see the "Resolution for end users" section.
You can also use the DownloadOptions <META> tag to remove the Open button from the File Download dialog box that appears after a user clicks a link to the .chm file. Put this tag inside the <head> tag of your HTML page. This usage is illustrated in the following example.
<head>
<META name="DownloadOptions" content="noopen">
</head>
For more information, visit the following Microsoft Web site:
Note The use of the DownloadOptions <META> tag is supported only in Microsoft Windows XP with Service Pack 2 and in Windows Server 2003 with Service Pack 1.
Overview and examples for system administrators
For more information about security update 896358 and how you can re-enable Web applications that are affected by this update, click the following article number to view the article in the Microsoft Knowledge Base:
896358Â
(http://kbalertz.com/Feedback.aspx?kbNumber=896358/
)
MS05-026: Vulnerability in HTML Help could allow remote code execution
Internet Explorer
For more information about opening files by hyperlink in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
232077Â
(http://kbalertz.com/Feedback.aspx?kbNumber=232077/
)
Executing files by hyperlink and the File Download dialog box
For more information about how to use security zones in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
174360Â
(http://kbalertz.com/Feedback.aspx?kbNumber=174360/
)
How to use security zones in Internet Explorer
Technical support for x64-based versions of Microsoft Windows
On computers that are running x64-based versions of Microsoft
Windows, you may have to adapt the instructions in the
"Resolution" section about how to modify the registry. For example, you might
have to modify a different part of the registry, depending on whether you want
to modify the 32-bit or the 64-bit functionality. For more information, click the following article number to
view the article in the Microsoft Knowledge Base:
896459Â
(http://kbalertz.com/Feedback.aspx?kbNumber=896459/
)
Registry changes in Windows x64 Edition-based operating systems
Your hardware manufacturer provides
technical support and assistance for x64-based versions
of Windows. Your hardware manufacturer provides
support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have
customized the installation of Windows with unique components.
Unique components might include specific device drivers or might include
optional settings to maximize the performance of the hardware. Microsoft will
provide reasonable-effort assistance if you need technical help with your
x64-based version of Windows. However, you might have to contact your
manufacturer directly. Your manufacturer is best qualified to support the
software that your manufacturer installed on the hardware.
For product
information about Microsoft Windows XP Professional x64 Edition, visit the
following Microsoft Web site:
For product information about x64-based versions of Microsoft
Windows Server 2003, visit the following Microsoft Web site: