COMMAND

    Internet Explorer

SYSTEMS AFFECTED

    IE 5.0

PROBLEM

    Francis Favorini posted the following.  It seems that after
    applying the IFRAME ExecCommand patch from MS99-042, IE 5.0 is
    again vulnerable to Georgi Guninski's cross-frame bugs.  You can
    visit his page at

        http://www.nat.bg/~joro/read2.html

    to test or see:

        http://oliver.efri.hr/~crv/security/bugs/NT/ie61.html

    Francis tested this on 2 NTW 4.0 SP5 machines with IE 5.0 and  all
    released  fixes.   Georgi  also  confirmed  his  test  machine  is
    vulnerable again  after this  patch.   There are  three IE5  fixes
    that replace MSHTML.DLL:

        MS99-012        04/21/99        "MSHTML Update" (3 fixes mentioned below)
        MS99-040        10/12/99        "Download Behavior"
        MS99-042        10/15/99        "IFRAME ExecCommand"

    The bulletin  for MS99-042  states that  it includes  the MS99-040
    fix for "Download  Behavior" but it  doesn't mention MS99-012  and
    its  patch,  which  fixed  cross-frame,  IMG  SRC,  and  untrusted
    scripted paste bugs.   The untrusted scripted  paste bug seems  to
    remain fixed.

SOLUTION

    While  the  original  patch  did  provide  protection  against the
    "IFRAME  ExecCommand"  vulnerability,  it  re-exposed a previously
    patched security vulnerability.   MS has corrected the  regression
    error and re-released the patch.  Please note that the  regression
    error only affected the IE 5.0 version of the patch; the patch for
    IE 4.01 was unaffected, and  customers who applied it do  not need
    to take any action.