[5674] in bugtraq
Internet Explorer 3.02 & 4.0 Page Redirect Vulnerabily
daemon@ATHENA.MIT.EDU (Aleph One)
Fri Nov 21 18:11:10 1997
Date: Fri, 21 Nov 1997 15:03:09 -0600
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
http://www.microsoft.com/ie/security/redirect.htm
Fix now available for Page Redirect issue
This page last updated on November 21, 1997
Microsoft is now providing a fix for a potential problem known as th=
e
"Page Redirect" issue.
Who is affected
Users of the following versions of Internet Explorer could be affect=
ed
by the Page Redirect issue:
• Internet Explorer 4.0 for Windows 95 and Windows NT 4.0
• Internet Explorer 3.02 for Windows 95 and Windows NT 4.0
Note: The Page Redirect issue does not affect Internet Explorer for
Windows 3.1, Windows NT 3.51, or Macintosh. It does affect Preview 1
of Internet Explorer 4.0 for UNIX. Please note that Microsoft
recommends using preview versions for evaluation purposes only and
will fix this issue in the final version of Internet Explorer 4.0 fo=
r
UNIX. In the meantime, we advise that UNIX Preview 1 users do not
enter their authentication information at Web sites.
How to protect your computer
Download the patch below for your version of Internet Explorer to ge=
t
the easy and complete fix for the Page Redirect problem:
* [15]Download the Internet Explorer 4.0 for Windows 95 and Window=
s
NT 4.0 patch
* [16]Download the Internet Explorer 3.02 for Windows 95 and Windo=
ws
NT 4.0 patch
About the potential problem
When you connect to a site that requires basic user authentication
information (name and password), and the Web site redirects you to
another Web site, your authentication information could potentially =
be
captured by the second Web site. It can only be captured if the Web
site has malicious intent and uses special techniques to obtain the
authentication information.
Microsoft has received no reports of any Internet Explorer user bein=
g
affected by this problem to date.
Language availability
We are working on various localized versions of this patch and will
post them as they become available. Check the download link above fo=
r
your language version.
[17]Back to the topBack to the top
____________________________________________________________________
=A9 [18]1997 Microsoft Corporation. All rights reserved. Terms of Us=
e.
Last Updated: Friday, November 21, 1997
Photos: PhotoDisc; Jon Feingersh/Picture Network International
References
15. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredi=
r40/patch.htm
16. http://www.microsoft.com/msdownload/ieplatform/ie4security/pgredi=
r302/patch.htm
