This update resolves several security vulnerabilities in Internet Explorer 5.01 Service Pack 2 (SP2), and is discussed in Microsoft Security Bulletin MS01-027. Download now to eliminate multiple certificate validation vulnerabilities and to prevent malicious Web site operators from making it appear that the content from his or her Web site actually originated from another site, even a trusted or secure Web site. In addition, this update includes a previously released update that is discussed in Microsoft Security Bulletin MS01-020, which eliminates a vulnerability that allows a malicious user to run an executable e-mail attachment on your computer.

This update addresses these vulnerabilities:

• A vulnerability that prevents Internet Explorer from correctly validating the digital certificates used in Secure Sockets Layer (SSL) sessions. Under a certain set of conditions, this vulnerability enables a malicious Web site operator to make his or her Web site appear to be a trusted site when it is not.
• A vulnerability that could enable an attacker to make his or her Web site appear to be a different site. By posing as a site that you trust, the attacker's site might be able to persuade you to provide information that you would only provide to a trusted site.
• The two new variants of the "Frame Domain Verification" vulnerability, which are discussed in Microsoft Security Bulletin MS00-033. (This site is in English.) These vulnerabilities could allow a malicious Web site operator to read, but not change or add, files on the computer of a visiting user.

This update also addresses the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-020. (This site is in English.) This update eliminates the vulnerability by correcting the way Internet Explorer handles MIME (Multipurpose Internet Mail Extensions) headers in HTML (Hypertext Markup Language) e-mails, preventing e-mails from automatically launching executable attachments.