allows you to eliminate a security vulnerability in the HTML Help function in <A HREF=/Internet/Web_Browsers_and_Utilities/Browsers/Review_17790_index.html>Microsoft Internet Explorer</A>.
Under certain conditions, the vulnerability could let a malicious Web site perform inappropriate actions on the computer of a visiting user.
The HTML Help function provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (CHM) file were to be referenced by a malicious Web site, it could potentially be used to launch code on a visiting user's computer without the user's approval.
Such code could take any actions that the user could take, including adding, editing, and deleting data, as well as communicating with a remote Web site.
A Web site could only invoke an HTML Help file if it resided on a UNC share accessible from the user's machine, or on the user's machine itself. A firewall that blocks NETBIOS would prevent the former case from being exploited. Adhering to standard security practices would prevent the latter.
Moreover, an HTML Help file could only be invoked if active scripting was permitted in the security zone in which the hacker's site resided.
The patch eliminates the vulnerability by enabling an HTML Help file to use shortcuts only if it resides on the local machine.
Microsoft Internet Explorer and quot;HTML Help File Code Execution and quot; Vulnerability patch on Windows 2000 runs on
Windows 2000
and is available under the
Freeware
license
— the installer is 491 KB.
We’ve catalogued it under
Browsers.
✓
Verified clean. Every Microsoft Internet Explorer and quot;HTML Help File Code Execution and quot; Vulnerability patch on Windows 2000 build on SoftLookup is scanned for viruses, spyware, adware, trojans and backdoors. We re-test on every update.
Help fellow users decide. Share your experience with Microsoft Internet Explorer and quot;HTML Help File Code Execution and quot; Vulnerability patch on Windows 2000.