This update resolves the following security vulnerabilities in MSHTML.DLL, which is the parsing engine for HTML in Internet Explorer, and is discussed in Microsoft Security Bulletin MS99-012:

• A privacy issue in which the "IMG SRC" tag could be used to determine information about the files on a user's computer, although it would not allow those files to be read or changed.
• A new variant of a previously-identified cross-frame security vulnerability that could allow a malicious Web site operator to execute a script on a Web site and gain privileges on visiting users� machines that are normally granted only to their trusted sites.
• A new variant of a previously-identified untrusted scripted paste vulnerability that could allow a malicious web site operator to view contents of a visiting user�s clipboard.

Note This "MSHTML" update includes all previous updates for the "Frame Spoof," "Untrusted Scripted Paste," and "Cross Frame Navigate" vulnerabilities in Internet Explorer 5 and Internet Tools running on Windows operating systems.

For more technical details on the "MSHTML" issue, read Microsoft Security Bulletin MS99-012. (This site is in English.)

• Windows 98
• Internet Explorer 5