Hi

The following came from find.pcworld.com/32573 (and is also on p. 59 (Bugs and Fixes) of the Feb. 03 PCWorld issue (Gaping Holes in Internet Explorer). I have IE 6 with SP1 installed and I have XP home edition, which I am 99.9% sure is the 32 bit version.


Second Cumulative Patch for Internet Explorer 5.5 and 6
Internet Explorer 5.5 and 6, like most new software offerings, come with a whole new set of problems. But how do you keep up with all the most current patches? This update closes all known security holes affecting these browsers (as of December 13) and addresses three new security issues: One security flaw allows an attacker to alter HTML header information to make IE believe that an executable file is actually a different type of file--one that it is appropriate to simply open without asking the user for confirmation. This could enable the attacker to create a Web page or HTML e-mail that, when opened, would automatically run an executable on the user's system. This vulnerability affects IE 6.0 only, not 5.5.

The second issue is a newly discovered variant of the Frame Domain Verification vulnerability. This could enable a malicious Web site operator to open two browser windows, one in the web site's domain and the other on the user's local file system, and to pass information from the latter to the former. This could enable the site operator to read, but not change, any file on the user's local computer that could be opened in a browser window. This affects both IE 5.5 and 6.0.

The third flaw is related to the display of file names in the File Download dialog box. When a download is initiated, a dialog provides the name of the file. However, in some cases it is possible for an attacker to misrepresent the name of the file in the dialog. This could be invoked from a Web page or in an HTML e-mail in an attempt to fool users into accepting unsafe file types from a trusted source. This vulnerability affects both IE 5.5 and 6.0. go to download site

When I get to the download site, I get offered these options:

Internet Explorer 6 SP1 (32-bit)

Security Update
2 MB file
10 min @ 28.8 Kbps


Internet Explorer 6 SP1 (64-bit)

Security Update
4.1 MB file
20 min @ 28.8 Kbps


Internet Explorer 6

Security Update
2.43 MB file
12 min @ 28.8 Kbps


Internet Explorer 5.5 SP2

Security Update
2.15 MB file
10 min @ 28.8 Kbps

I chose the 3rd. one down (Internet Explorer 6) I assume that was appropriate as I already had SP1 and did not have IE 5.5. It downloaded an exe file (I believe it was q324929.exe).

But when I told it to install I got the message that "this file requires that IE 6 be installed." Well, as will be noted I HAVE IE 6 installed.

I should appreciate any and all input re (1) did I download the right file and (2) what can I do about the message I got (see last paragraph)

John