Article ID: 273868 - View products that this article applies to.
This article was previously published under Q273868
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released a patch that eliminates a vulnerability that may enable a malicious user to obtain your user ID and password for a Web site.
To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
267954For your convenience, the individual update is also available for download. The following file is available for download from the Microsoft Download Center:
(http://support.microsoft.com/kb/267954/EN-US/ )How to Obtain the Latest Internet Explorer 5.01 Service Pack
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
Download Q273868.exe now
Collapse this imageExpand this image
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. NOTE: This patch requires that you have Internet Explorer 5.01 Service Pack 1 (SP1). If you install this patch and you are using a version of Internet Explorer other than Internet Explorer 5.01 SP1, the update is not installed and you may receive the following error message:
(http://support.microsoft.com/kb/119591/EN-US/ )How to Obtain Microsoft Support Files from Online Services
This message is correct if you are running Internet Explorer 5.5, which is not affected by this vulnerability. If you are running a version of Internet Explorer earlier than version 5.01 SP1, Microsoft recommends that you upgrade to Internet Explorer 5.01 SP1 and then install this patch, or upgrade to Internet Explorer 5.5.
This update does not need to be installed on this system.
The English-language version of this patch should have the following file attributes or later:
For additional information about how to determine which version of Internet Explorer that is installed, click the article number below to view the article in the Microsoft Knowledge Base:
Date Time Size File name ----------------------------------------- 06/09/2000 10:34AM 89,360 Advpack.dll 09/25/2000 04:57PM 459,536 Wininet.dll
(http://support.microsoft.com/kb/164539/EN-US/ )How to Determine Which Version of Internet Explorer Is Installed
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.
If you log on to a secure Web page by using basic authentication, and then visit a non-secure page on the same site, Internet Explorer automatically sends the cached credentials (typically your user ID and password) to the non-secure page. If a malicious user can control your network communications, the user can read your credentials and use them. However, the malicious user cannot force you to log on to a secure page; the user can use this vulnerability only to reveal credentials that are cached during the current Internet Explorer session.
For additional information about this issue, visit the following Microsoft Web site:
Article ID: 273868 - Last Review: February 28, 2014 - Revision: 4.3