MSHTML Security Update for Internet Explorer is a patch for Internet Explorer that fixes security vulnerabilities involving HTML parsing. The update fixes security vulnerabilities in MSHTML.DLL, which is the parsing engine for HTML in Internet Explorer.
These vulnerabilities include: a privacy issue in which the "IMG SRC" tag could be used to determine information about the files on a user's computer; a new variant of a previously-identified cross-frame security vulnerability that could allow a malicious Web site operator to execute a script on the Web site and gain privileges on visiting users' machines that are normally granted only to their trusted sites; and a new variant of a previously-identified untrusted scripted paste vulnerability that could allow a malicious Web site operator to view contents of a visiting user's clipboard.
This MSHTML fix includes all previous fixes for the "Frame Spoof," "Untrusted Scripted Paste" and "Cross Frame Navigate" vulnerabilities in Internet Explorer versions 5, 4.01 Service Pack 1, and 4.01 Service Pack 2 running on Windows operating systems.
