Microsoft Security Advisory (923762)

Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit

Published: Tuesday, August 22, 2006 | Updated: Thursday, August 24, 2006

On August 15, 2006 Microsoft announced that it would be re-releasing Microsoft Security Bulletin MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers as discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft was not able to re-release MS06-042 on August 22, 2006. On August 24, 2006, Microsoft completed testing to ensure the update re-released for Internet Explorer 6 Service Pack 1 met the appropriate level of quality for broad distribution.

On August 22, 2006 Microsoft also became aware of public notification on the exploitable nature of this vulnerability. Microsoft has completed the investigation into the vulnerability, and has revised Microsoft Security Bulletin MS06-042 with information on this vulnerability, and the availability of revised Internet Explorer Service Pack 1 security updates. Customers are encouraged to apply the revised update to Internet Explorer Service Pack 1 systems immediately.

General Information

Overview

References	Identification
Security Bulletin	MS06-042
CVE Reference	CVE-2006-3869
Microsoft Knowledge Base Article	923762


Related Software
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1

Suggested Actions

Other Information

Resources:

You can provide feedback by completing the form by visiting the following Web site.
Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

August 22, 2006: Advisory published
August 24, 2006: Advisory updated to direct customers to the revised version of Microsoft Security Bulletin MS06-042 that includes new updates for Internet Explorer 6 Service Pack 1.