Microsoft Security Bulletins

Windows Assistance

Go To
Home
Windows XP
Virus Info Center
Windows Web Sites
Books
Tips From The Past
Searching For
Commentary
Microsoft Security Bulletins
eMail
About This Site
Search Me


Advanced Search

Search The Web


Advanced Search

 

 

More Bulletins: 

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 

What's Listed

Only Official Microsoft Security Bulletins that apply to Windows 98/Me and any applets that are included with the operating system (Media Player, Internet Explorer, Outlook Express, etc.) 

This is not a complete list. You should also go to the Windows Update site at Microsoft and also visit the Security pages at Microsoft.

Be sure to read the Microsoft Terms of Use.


Microsoft Security Bulletin (MS00-093)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-092)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-091)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows NT 4.0 and a recommended workaround for Windows 95, 98, 98 Second Edition, and Windows Me. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any networking services or cause it to stop responding entirely.

Affected Software Versions

  • Windows NT 4.0
  • Windows 95, 98, 98 Second Edition, and Windows Me

Note: Windows 2000 is not affected by this vulnerability.

note from Windows Assistance: With this Security Bulletin Microsoft has changed the format. I still receive an e-mail alert. Only now you must go to the Web and get the entire bulletin from Microsoft's Security site. In the past I have avoided changing the format or layout of the bulletin and I still do. This is the reason for the new look of the bulletins.


Microsoft Security Bulletin (MS00-090)

Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft(r) Windows Media(tm) Player. These vulnerabilities could potentially enable a malicious user to cause a program of his choice to run on another user's computer.

Affected Software Versions

 - Microsoft Windows Media Player 6.4
 - Microsoft Windows Media Player 7
Note: The ".ASX Buffer Overrun" affects Windows Media Player versions 6.4 and 7. The ".WMS Script Execution" affects only Windows Media Player version 7. The patch installs the correct fix(es) for the particular version of Windows Media Player in use.


Microsoft Security Bulletin (MS00-089)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-088)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-087)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-086)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-085)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-084)

Patch Available for 'Indexing Services Cross Site Scripting' Vulnerability

Released:

  • 02 November 2000

Revised:

  • 09 April 2003 (version 2.0)

Affected Software Versions

  • Microsoft Indexing Services for Windows 2000
  • Microsoft Indexing Services for Windows NT 4.0

Impact:

  • Cross Site Scripting

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS00-084.asp


Microsoft Security Bulletin (MS00-083)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-082)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-081)

Microsoft has released a patch that eliminates a security vulnerability in the Microsoft(r) virtual machine (Microsoft VM) that originally was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content  from inside an intranet if the malicious site was visited by a computer from within that intranet.

Affected Software Versions

Versions of the Microsoft VM are identified by build numbers, which can be determined using the JVIEW tool, as discussed in  the FAQ. The following builds of the Microsoft VM are affected:
 - All builds in the 2000 series.
 - All builds in the 3000 series.


Microsoft Security Bulletin (MS00-080)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-079)

  • Released:   18 October 2000
  • Revised:    24 May 2001 (version 2.0)

Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft(r) operating systems. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system.

Affected Software Versions

HytperTerminal Running On: 

  • Microsoft Windows 98 and Windows 98SE
  • Microsoft Windows Me
  • Microsoft Windows 2000

Microsoft Security Bulletin (MS00-078)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-077)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-076)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Explorer. Under a daunting set of conditions, the vulnerability could enable a malicious user to obtain another user's userid and password to a web  site.

Affected Software Versions

 - Microsoft Internet Explorer 4.x
 - Microsoft Internet Explorer 5.x prior to version 5.5


Microsoft Security Bulletin (MS00-075)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-074)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows.

Affected Software Versions

 - Microsoft WebTV for Windows on Windows 98, Windows 98SE, and Windows Me


Microsoft Security Bulletin (MS00-073)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 95, Windows 98, 98 Second Edition and Windows Me. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component normally is present only if it has been deliberately installed.

Affected Software Versions

 - Microsoft Windows 95
 - Microsoft Windows 98
 - Microsoft Windows 98 Second Edition
 - Microsoft Windows Me


Microsoft Security Bulletin (MS00-072)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 95, 98, 98SE, and Windows Me. The vulnerability could allow a malicious user to programmatically access a Windows 9x/ME file share without knowing the entire password assigned to that share.

Affected Software Versions

Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me


Microsoft Security Bulletin (MS00-071)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Word 2000 and 97. The vulnerability could allow a malicious user to run arbitrary code on a victim's computer without their approval.

Affected Software Versions

 - Microsoft Word 2000
 - Microsoft Word 97


Microsoft Security Bulletin (MS00-070)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-069)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-068)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows Media Player (WMP) 7 but primarily affects e-mail applications. The net effect of the vulnerability is that it could enable a malicious user to create an e-mail that, when closed after being read, could cause the e-mail application to fail.

Affected Software Versions

 - Microsoft Windows Media Player 7


Microsoft Security Bulletin (MS00-067)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-066)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-065)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-064)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-063)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-062)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-061)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-060)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-059)

Microsoft has released a patch that eliminates a security vulnerability in the Microsoft(r) virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to masquerade as the user, visit other sites using his identity, and relay the information back to his site.

Affected Software Versions

Versions of the Microsoft VM are identified by build numbers, which can be determined using the JVIEW tool, as discussed in the FAQ. The following builds of the Microsoft VM are affected:
 - All builds in the 2000 series.
 - All builds in the 3100 series.
 - All builds in the 3200 series.
 - All builds in the 3300 series.


Microsoft Security Bulletin (MS00-058)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-057)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-056)

Microsoft has released a patch that eliminates a security vulnerability in certain Microsoft(r) Office 2000 products. The vulnerability could allow a user to construct a HyperText Markup Language (HTML) file that, when read, would crash a Microsoft Office 2000 application or potentially run arbitrary or malicious code.

Affected Software Versions

 - Microsoft Word 2000
 - Microsoft Excel 2000
 - Microsoft PowerPoint 2000


Microsoft Security Bulletin (MS00-055)

Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft(r) Internet Explorer. The vulnerabilities could allow a malicious web site operator to read - but not add, change, or delete - files on the computer of a visiting user.

Affected Software Versions

 - Microsoft Internet Explorer 4.x
 - Microsoft Internet Explorer 5.x


Microsoft Security Bulletin (MS00-054)

Microsoft has released a patch that eliminates a security vulnerability  in Microsoft(r) Windows 95, 98 and 98 Second Edition. The vulnerability  could be used to cause an affected system to fail, and depending on the  number of affected machines on a network, potentially could be used to  flood the network with superfluous data. The affected system component  generally is present only if it has been deliberately installed.

Affected Software Versions

 - Microsoft Windows 95
 - Microsoft Windows 98
 - Microsoft Windows 98 Second Edition


Microsoft Security Bulletin (MS00-053)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-052)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-051)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Microsoft Excel 97 and Excel 2000. The vulnerability could allow a malicious user to run code from an Excel worksheet without the user's knowledge.

Affected Software Versions

Microsoft Excel 2000
Microsoft Excel 97


Microsoft Security Bulletin (MS00-050)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-049)

On July 13, 2000, Microsoft released the original version of this bulletin. It provided a patch to eliminate a security vulnerability in Microsoft(r) Office 2000 and PowerPoint 97, and a workaround to protect against a vulnerability in Internet Explorer. On August 09, 2000, the bulletin was re-released to announce the availability of a patch for the vulnerability in Internet Explorer.

The effect of both vulnerabilities are the same -- they could allow a malicious web site operator to cause code of his choice to run on the computer of a visiting user.

Affected Software Versions

Microsoft Excel 2000
Microsoft PowerPoint 97 and 2000
Microsoft Internet Explorer 5.5, 5.01 SP1, 5.01, 4.01 SP2


Microsoft Security Bulletin (MS00-048)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-047)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-046)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Outlook(r) and Outlook Express. The vulnerability could allow a malicious user to send an HTML mail that, when opened, could read, but not add, change or delete, files on the recipient's computer. If coupled with other vulnerabilities, it could potentially be used in more advanced attacks as well.

The patch eliminates this vulnerability as well as those discussed in Microsoft Security Bulletins MS00-043 and MS00-045. Customers who already have taken the corrective action discussed in either of these bulletins do not need to take any additional action.

Affected Software Versions

 - Microsoft Outlook Express 4.0
 - Microsoft Outlook Express 4.01
 - Microsoft Outlook Express 5.0
 - Microsoft Outlook Express 5.01
 - Microsoft Outlook 97
 - Microsoft Outlook 98
 - Microsoft Outlook 2000


Microsoft Security Bulletin (MS00-045)

Microsoft has released a patch that eliminates a security vulnerability affecting Microsoft(r) Outlook Express. The vulnerability could allow a malicious user to send an email that would "read over the shoulder" of the recipient as he previews subsequent emails in Outlook Express.

Affected Software Versions

 - Microsoft Outlook Express 4.0
 - Microsoft Outlook Express 4.01
 - Microsoft Outlook Express 5.0
 - Microsoft Outlook Express 5.01


Microsoft Security Bulletin (MS00-044)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-043)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Office 2000 (Excel and PowerPoint) and in PowerPoint 97. Microsoft has also documented a workaround that prevents the use of Microsoft Access to exploit a vulnerability in Internet Explorer. A patch for the latter vulnerability will be available soon and we will have an update to this bulletin.

Affected Software Versions

 - Microsoft Outlook Express 4.0
 - Microsoft Outlook Express 4.01
 - Microsoft Outlook Express 5.0
 - Microsoft Outlook Express 5.01
 - Microsoft Outlook 97
 - Microsoft Outlook 98
 - Microsoft Outlook 2000


Microsoft Security Bulletin (MS00-042)

Microsoft has released a patch that eliminates a security vulnerability in an ActiveX  control that ships with Microsoft(r) Internet Explorer. The vulnerability could be used to overwrite files on the computer of a user who visited a malicious web site operator's site.

Affected Software Versions

 - Microsoft Internet Explorer 4.0
 - Microsoft Internet Explorer 4.01
 - Microsoft Internet Explorer 5.0
 - Microsoft Internet Explorer 5.01


Microsoft Security Bulletin (MS00-041)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-040)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-039)

Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft(r) Internet Explorer. The vulnerabilities involve how IE handles digital certificates; under a very daunting set of circumstances, they could allow a  malicious web site operator to pose as a trusted web site.

In addition to eliminating the "SSL Certificate Validation" vulnerabilities, this patch also eliminates all vulnerabilities discussed in Microsoft Security Bulletin MS00-033.

Affected Software Versions

 - Microsoft Internet Explorer 4.0
 - Microsoft Internet Explorer 4.01
 - Microsoft Internet Explorer 5.0
 - Microsoft Internet Explorer 5.01


Microsoft Security Bulletin (MS00-038)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows(r) Media Encoder, which ships as a component of the Windows Media Technologies. The vulnerability could allow a malicious user to interfere with a digital content provider's ability to supply real-time audio and video broadcasts.

Affected Software Versions

 - Microsoft Windows Media Encoder 4.0
 - Microsoft Windows Media Encoder 4.1


Microsoft Security Bulletin (MS00-037)

Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft(r) Internet Explorer. Under certain conditions, the vulnerability could allow a malicious web site to take inappropriate action on the computer of a visiting user.

Affected Software Versions

 - Microsoft Internet Explorer 4.0
 - Microsoft Internet Explorer 4.01
 - Microsoft Internet Explorer 5.0
 - Microsoft Internet Explorer 5.01


Microsoft Security Bulletin (MS00-036) Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:

  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-035)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-034)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-033)

Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities

Summary

Microsoft has released a comprehensive patch that eliminates three security vulnerabilities in Microsoft® Internet Explorer 4 and 5:

  • The "Frame Domain Verification" vulnerability, which could allow a malicious web site operator to read, but not change or add, files on the computer of a visiting user.
  • The "Unauthorized Cookie Access" vulnerability, which could allow a malicious web site operator to access "cookies" belonging to a visiting user.
  • The "Malformed Component Attribute" vulnerability, which could allow a malicious web site operator to run code of his choice on the computer of a visiting user.

Affected Software Versions

  • Microsoft Internet Explorer 4.0
  • Microsoft Internet Explorer 4.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01

Microsoft Security Bulletin (MS00-032)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-031)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-030)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-029)

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows(r) 95, Windows 98, Windows NT(r) 4.0 and Windows 2000. The vulnerability could be used to cause an affected machine to temporarily stop performing  useful work.

Affected Software Versions

 - Microsoft Windows 95
 - Microsoft Windows 98
 - Microsoft Windows NT 4.0 Workstation
 - Microsoft Windows NT 4.0 Server
 - Microsoft Windows NT 4.0 Server, Enterprise Edition
 - Microsoft Windows NT 4.0 Server, Terminal Server Edition
 - Microsoft Windows 2000 Professional
 - Microsoft Windows 2000 Server
 - Microsoft Windows 2000 Advanced Server


Microsoft Security Bulletin (MS00-028) Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:

  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-027) Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:

  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-026)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-025)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-024)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-023)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-022)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-021)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-020)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-019)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-018)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-017)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-016)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-015)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-014)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-013)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-012)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-011)

Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. In both cases the malicious applet would have to know the exact name and location of the files. Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-011.asp 

Affected Software Versions

Versions of the Microsoft VM are identified by build numbers, which can be determined using the JVIEW tool, as discussed in the FAQ. The following builds of the Microsoft VM are affected: 

All builds in the 2000 series. 
All builds in the 3100 series. 
All builds in the 3200 series. 

Note: The Microsoft VM ships as part of several products. However, the primary ship vehicle is Internet Explorer. 


Microsoft Security Bulletin (MS00-010)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-009)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-008)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-007)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-006)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-005)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-004)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-003)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-002)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Microsoft Security Bulletin (MS00-001)

Microsoft has released a patch that eliminates four security vulnerabilities in Microsoft® Internet Explorer:
  • The “Browser Print Template” vulnerability, which could enable a malicious web site operator to take unauthorized actions on the computer of a user who visited her site.
  • The “File Upload via Form” vulnerability, which could enable a malicious web site operator to read files on a visiting user’s computer.
  • New variants of the “Scriptlet Rendering” and “Frame Domain Verification” vulnerabilities, both of which could enable a malicious web site operator to read files on a visiting user’s computer.

Affected Software Versions

  • Microsoft Internet Explorer 5.x

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 


Microsoft Terms of Use

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT  DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF  LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.