Malformed Dotless IP Address Security Patch
Downloads Count: 3,338
License Type: Free
Price: Free
Date Added: Oct 30, 2002
Operating Systems: Windows XP, Windows NT, Windows 2000, Windows 9.x, Windows Me
Author: Microsoft
Description of Malformed Dotless IP Address Security Patch
This patch eliminates three bugs affecting Internet Explorer. The first deals with dotless IP addresses (for example, http://031713501415 rather than http://207.46.131.13). Because of this bug, the browser would treat such a page as an Intranet page rather than an Internet page, and the page would run with fewer security restrictions as a result.
The second bug the patch fixes involves how IE handles URLs that specify third-party sites. By encoding a URL in a particular way, it would be possible for an attacker to include HTTP requests that would be sent to the site as soon as a connection had been established. These requests would appear to have originated from the user. If exploited against a Web-based service (for example, a Web-based mail service), it could be possible for the attacker to take action on the user's behalf, including sending a request to delete data.
The third bug fixed is a new variant of a vulnerability previously discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via IE. By design, Telnet sessions can be launched via IE. However, a vulnerability exists because, when doing so, IE will start Telnet using any command-line options the Web site specifies. This only becomes a concern when using the version of the Telnet client that installs as part of Services for Unix (SFU) 2.0 on Windows NT 4.0 or Windows 2000 machines.
The version of the Telnet client in SFU 2.0 provides an option for creating a verbatim transcript of a Telnet session. An attacker could start a session using the logging option, then stream an executable file onto the user's system in a location that would cause it to be executed automatically the next time the user booted the machine. The flaw does not lie in the Telnet client, but in IE, which should not allow Telnet to be started remotely with command-line arguments.
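The dotless-address bug described above comes down to applying a "no dots means Intranet" test before decoding numeric hosts. The following is an added example, not Microsoft's code: a host normalizer a proxy or log filter could use to decode such hosts first. The function names and the simplified zone rule are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One inet_aton-style part: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*", re.IGNORECASE)


def parse_numeric_host(host):
    """Return the IPv4Address a numeric host denotes, or None for a name.

    Accepts 1 to 4 dot-separated parts; the last part fills the remaining
    bytes, so a single 32-bit number (the "dotless" form) is a full address.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    values = []
    for p in parts:
        base = 16 if p.lower().startswith("0x") else 8 if p.startswith("0") else 10
        values.append(int(p, base))
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None  # a part does not fit in the bytes it has to fill
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(addr)


def naive_zone(url):
    """Flawed rule (simplified model, an assumption): no dots means intranet."""
    host = urlsplit(url).hostname or ""
    return "intranet" if host and "." not in host else "internet"


def zone(url):
    """Corrected rule: decode numeric hosts before applying the dotless test."""
    host = urlsplit(url).hostname or ""
    if parse_numeric_host(host) is not None:
        return "internet"  # an address is never a single-label intranet name
    return "intranet" if host and "." not in host else "internet"
```

Run on the description's own example, `parse_numeric_host("031713501415")` decodes the octal value to 207.46.131.13, so `zone()` places it in the Internet zone while `naive_zone()` does not.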