Thanks for the advisory Rebecca. I appreciate it very much.
>Microsoft just issued a security alert bulletin about
>a bug in java scripting for IE4. Check out this url
>for more info.
>
>Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 use the JScript Scripting
>Engine version 3.1 to process scripts on a web page. When Internet Explorer
>encounters a web page that uses JScript script to invoke the Window.External
>function with a very long string, Internet Explorer could terminate.
>
>Long strings do not normally occur in scripts and must be intentionally
>created by someone with malicious intent. A skilled hacker could use this
>malicious script message to run arbitrary computer code contained in the
>long string.
>
>In order for users to be affected by this problem, they must visit a web
>site that was intentionally designed to include a malicious script. See the
>"Administrative Workaround" section below for more information.
>
>There have not been any reports of customers being affected by this problem.
>
>
>Affected Software Versions
>==========================
>The following software is affected by this vulnerability:
>- Microsoft Internet Explorer 4.0, 4.01, 4.01 SP1 on Windows 95
> and Windows NT 4.0
>- Microsoft Windows 98
>
>Internet Explorer 4 for Windows 3.1, Windows NT 3.51, Macintosh and UNIX
>(Solaris) are not affected by this problem. Internet Explorer 3.x is not
>affected by this problem.
>
>What Microsoft is Doing
>=======================
>On August 17th Microsoft released a patch that fixes the problem as
>reported. This patch is available for download from the Microsoft Scripting
>Technologies web site,
>
>
www.microsoft.com/msdownload/vbscript/scripting.asp.
>
>Microsoft has also made this patch available as a "Critical Update" for
>Windows 98 customers through the Windows Update.
>
>Microsoft has sent this security bulletin to customers subscribing to the
>Microsoft Product Security Notification Service (see
>
http://www.microsoft.com/security/bulletin.htm for more information about
>this free customer service).
>
>Microsoft has published the following Knowledge Base (KB) article on this
>issue:
>- Microsoft Knowledge Base (KB) article Q191200, Update Available
> for JScript Security Issue,
>
http://support.microsoft.com/support/kb/articles/q191/2/00.asp>
>In addition, Microsoft has notified CERT (
http://www.cert.org), an industry
>security organization, which redistributes security-related information to
>corporate, government and end-users.
>
>What customers should do
>========================
>Microsoft highly recommends that users of affected software versions, listed
>in the "Affected Software Versions" section above, should install the
>updated version of the Microsoft Scripting Engine 3.1, which contains a fix
>for this problem. This update can be downloaded from
>
http://www.microsoft.com/msdownload/vbscript/scripting.asp.
>
>Windows 98 Users
>----------------
>Windows 98 customers can also get the updated patch using the Windows
>Update. To obtain this patch using Windows Update, launch Windows Update
>from the Windows Start Menu and click "Product Updates." When prompted,
>select 'Yes' to allow Windows Update to determine whether this patch and
>other updates are needed by your computer. If your computer does need this
>patch, you will find it listed under the "Critical Updates" section of the
>page.
>
>Localized versions of the patch are available from the Microsoft Scripting
>Technologies web site,
>
http://www.microsoft.com/msdownload/vbscript/scripting.asp.
>
>Administrative workaround
>=========================
>We strongly encourage customers to apply the patch. However, users who
>cannot apply the patch can use the Zones security feature in Internet
>Explorer to provide additional protection against this issue by disabling
>Active Scripting in the "Internet" and "Restricted Sites" Zones. This would
>still allow JScript to be run from trusted Internet sites, and on the user's
>local intranet.
>
>To turn off Active Scripting for the "Internet" Zone:
>1. From Internet Explorer, choose "Internet Options" from the "View" menu.
>2. Click on the tab labeled "Security".
>3. Click on "Internet Zone", then click "Customize Settings".
>4. Scroll to the bottom of the list and click on "Disable" under the
> "Active Scripting" setting.
>
>These same procedures can be followed for the "Restricted Sites" Zone.
>
>More Information
>================
>Please see the following references for more information related to this
>issue.
>- Microsoft Security Bulletin MS98-011, Update available for
> "Window.External" JScript Vulnerability in Microsoft Internet
> Explorer 4,(the Web posted version of this bulletin),
>
http://www.microsoft.com/security/bulletins/ms98-011.htm>- Microsoft Knowledge Base (KB) article Q191200, Update for
> "Window.External" JScript Issue,
>
http://support.microsoft.com/support/kb/articles/q191/2/00.asp>- Microsoft Internet Explorer Security Bulletin, Update available for
> "Window.External" JScript security issue,
>
http://www.microsoft.com/ie/security/jscript.htm>- Windows Update Site,
http://windowsupdate.microsoft.com>- Microsoft Scripting Technologies web site,
>
http://msdn.microsoft.com/scripting>
>Revisions
>
>
>>>It's been two days I can't access VFP URL. I.E.4.0 keeps on returning "Microsoft Jscript error.." error message. Is there anything wrong with my setup here?
>>
>>They seemed to have moved it to:
>>
>>
http://msdn.microsoft.com/vfoxpro/>>
>>I didn't get an error, just a message saying it had moved and then it took me there. I use IE 4.01. (4.72.3110.8)
JESS S. BANAGA
Project Leader - SDD division
...shifting from VFP to C#.Net
CHARISMA simply means: "Be more concerned about making others feel good about themselves than you are in making them feel good about you."