This update resolves a security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-020. Download now to prevent a malicious user from running an executable e-mail attachment on your computer.

This vulnerability exists because Internet Explorer does not handle MIME (Multipurpose Internet Mail Extensions) headers in HTML e-mails correctly. If a malicious user sends an affected HTML e-mail or hosts an affected e-mail on a Web site, and a user opens the e-mail or visits the Web site, Internet Explorer automatically runs the excecutable on the user's computer. If this occurs, the executable can take any action on the computer that the user can take, including adding, changing, or deleting data, communicating with Web sites, or reformatting the hard drive. This update eliminates the vulnerability by correcting the way Internet Explorer handles MIME headers in HTML e-mails, preventing e-mails from automatically launching executable attachments.

For more information about this vulnerability, read Microsoft Security Bulletin MS01-020. (This site is in English.)

Note This update is included in Internet Explorer 5.01 Service Pack 2.