This update resolves the following security vulnerabilities in MSHTML.DLL, which is the parsing engine for HTML in Internet Explorer:

• A privacy issue in which the "IMG SRC" tag could be used to determine information about the files on a user's computer, although it would not allow those files to be read or changed.
• A new variant of a previously-identified cross-frame security vulnerability that could allow a malicious Web site operator to execute a script on a Web site and gain privileges on visiting users� machines that are normally granted only to their trusted sites.
• A new variant of a previously-identified untrusted scripted paste vulnerability that could allow a malicious web site operator to view contents of a visiting user�s clipboard.

Note This "MSHTML" update includes all previous updates for the "Frame Spoof," "Untrusted Scripted Paste," and "Cross Frame Navigate" vulnerabilities in Internet Explorer 4.01 Service Pack 1, and Internet Explorer 4.01 Service Pack 2 running on Windows operating systems.

For more technical details on the "MSHTML" issue, read Microsoft Security Bulletin MS99-012. (This site is in English.)

• Windows 98
• Internet Explorer 4.01