eidenk Posted July 13, 2005 Share Posted July 13, 2005 Microsoft Security Bulletin MS05-037Impact of Vulnerability: Remote Code ExecutionAffected Components:Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition.Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition.Does this update contain any changes to functionality?No. Since the JView Profiler COM object was not designed to be accessed through Internet Explorer, this update sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. To help protect customers who have this object installed, this update prevents it from being instantiated in Internet Explorer. For more information about kill bits, see Microsoft Knowledge Base Article 240797 . The class identifier (CLSID) for this object is ‘03D9F3F2-B0E3-11D2-B081-006008039BF0’.As always there is no download available for 98 and ME users so this should be the fix (Copy and save as whatever.reg. Double-click to merge in the registry) :REGEDIT4;July 12, 2005;Vulnerability in JView Profiler (Javaprxy.dll) Could Allow Remote Code Execution (903235) ;http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]"Compatibility Flags"=dword:00000400 Link to comment Share on other sites More sharing options...
Petr Posted July 13, 2005 Share Posted July 13, 2005 As always there is no download available for 98 and ME users so this should be the fixNo, this time there is download available:http://www.microsoft.com/downloads/details...&displaylang=enSystem Requirements * Supported Operating Systems: Windows 2000 Service Pack 4; Windows 98; Windows 98 Second Edition; Windows ME; Windows XP Service Pack 1This update applies to Internet Explorer 6 Service Pack 1 (SP1) with the following operating systems: * Windows XP SP1 * Windows 2000 SP4 * Windows 98 * Windows 98SE * Windows MillenniumIn fact, this update tests the version of IE:1=#S\BROWSEUI.DLL:5.0.3502.1000-6.0.2899.0:%Warn1%:okit means that all IE versions between IE 5.01 SP3 and 6.0 SP1 are supported.Petr Link to comment Share on other sites More sharing options...
eidenk Posted July 13, 2005 Author Share Posted July 13, 2005 No, this time there is download available: My bad then. Link to comment Share on other sites More sharing options...
Petr Posted July 13, 2005 Share Posted July 13, 2005 No, this time there is download available:My bad then.<{POST_SNAPBACK}>It is incorrectly written in MS05-037.Petr Link to comment Share on other sites More sharing options...
miko Posted July 13, 2005 Share Posted July 13, 2005 anytime a critical update like this one appears on windows update type the KB number into the advanced search athttp://v4.windowsupdate.microsoft.com/catalog/en/default.asp9 times out of 10 there will be a downloadable version for system adminsat least until 98SE support runs out (sometimes there's a day or two 'lag') Link to comment Share on other sites More sharing options...
MDGx Posted July 15, 2005 Share Posted July 15, 2005 (edited) Sorry for the delay, but all MS05-037 links are now posted here:http://www.mdgx.com/ietoy.htm#JPXand here:http://www.msfn.org/board/?showtopic=46581including the manual REG fix, which doesn't require any downloads.FYI:MS05-037 Security Vulnerability Fix Bulletin was formerly published by MS as Advisory Bulletin 903144:http://www.microsoft.com/technet/security/...ory/903144.mspxHope this helps. Edited July 15, 2005 by MDGx Link to comment Share on other sites More sharing options...
erpdude8 Posted July 15, 2005 Share Posted July 15, 2005 (edited) No, this time there is download available:My bad then.<{POST_SNAPBACK}>It is incorrectly written in MS05-037.Petr<{POST_SNAPBACK}>Actually, IE 5.01 SP3 from Win2k SP3 is no longer supported. Microsoft ended extended security support for IE 5.01 SP3/Win2000 SP3 on june 30, 2005. expand the Frequently Asked Questions related to this security update section in security bulletin MS05-037. miko is right on about this critical patch being available for 98se; search for 903235 at the Windows Update Catalog site & select either Win98 or WinME as the operating system and you should find it there. Edited July 15, 2005 by erpdude8 Link to comment Share on other sites More sharing options...
eidenk Posted July 15, 2005 Author Share Posted July 15, 2005 Those ActiveX Killbit fixes are valid in fact for any version of IE I think. Even if the specific vulnerable files do not exist on the system. They could be automatically downloaded by IE from a corrupt webpage for example.Has anyone information about the signification of other flags under this ActiveX Compatibility key ? Link to comment Share on other sites More sharing options...
MDGx Posted July 18, 2005 Share Posted July 18, 2005 Petr,This is what I found on Compatibility Flags:MS TechNet:http://www.microsoft.com/technet/prodtechn...E12E3D1F8B.mspxWinGuides:http://www.winguides.com/registry/display.php/1188/Hope this helps. Link to comment Share on other sites More sharing options...
eidenk Posted July 18, 2005 Author Share Posted July 18, 2005 Thanks MDGx. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now