Microsoft Security Bulletin MS01-055
13 November 2001 Cumulative Patch for IE
Originally posted: November 08, 2001
Updated: June 13, 2003
Who should read this bulletin:
Customers using Microsoft® Internet Explorer
Impact of vulnerability:
Exposure and altering of data in cookies.
Maximum Severity Rating:
Customers running Internet Explorer 5.5 or 6.0 should apply the patch.
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Microsoft thanks Marc Slemko for reporting one of the cookie handling issues to us and working with us to protect customers.
- Microsoft Knowledge Base article Q312461 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (November 08, 2001): Bulletin Created.
- V2.0 (November 13, 2001): Bulletin updated with patch information and to discuss the inclusion of fixes for additional cookie handling vulnerability and a variant of the zone spoofing issue.
- V2.1 (November 21, 2001): Bulletin updated with revised severity rating to reflect potential disclosure of personal information by the cookie handling vulnerabilities.
- V2.2 (February 08, 2002): Updated with table containing vulnerability information for IE 5.01 SP2 on Windows 2000, IE 5.5 SP1, IE 5.5SP2, and IE 6.0.
- V2.3 (June 13, 2003): Updated download links to Windows Update.