cannot open HTML Help files from Internet

You cannot open HTML Help files from Internet Explorer after you install security update 896358 or Windows Server 2003 Service Pack 1

SYMPTOMS

<script type="text/javascript">loadTOCNode(1, 'symptoms');</script>

After you install security update 896358 or Microsoft Windows Server 2003 Service Pack 1 (SP1), you may experience one or both of the following symptoms after you click a link to an HTML Help .chm file in Internet Explorer:

•	Topics in the .chm file cannot be viewed when you click Open instead of Save in the File Download dialog box.
•	Topics in the .chm file cannot be viewed when you click Save in the File Download dialog box, and you then try to open the file.

Note This article contains information that is supplemental to the following Microsoft Knowledge Base articles:

232077 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=232077/) Executing files by hyperlink and the File Download dialog box

896054 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=896054/) You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1

896358 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=896358/) MS05-026: A vulnerability in HTML Help could allow remote code execution

Back to the top

CAUSE

<script type="text/javascript">loadTOCNode(1, 'cause');</script>

Security update 896358 and Windows Server 2003 SP1 include changes to the InfoTech protocol that block the ability to view remote content. These changes were introduced to reduce security vulnerabilities in HTML Help. After you install 896358 or Windows Server 2003 SP1, files in the Temporary Internet Files folder are treated as content from the Internet zone. Therefore, files may be blocked when you click Open in the File Download dialog box. Additionally, after you install 896358 or Windows Server 2003 SP1, Attachment Manager may treat a downloaded .chm file as an untrusted file. Therefore, you may not be able to open the file. These effects are expected and intended effects of installing the security update and of installing Windows Server 2003 SP1.

Back to the top

RESOLUTION

<script type="text/javascript">loadTOCNode(1, 'resolution');</script>

Resolution for end users

<script type="text/javascript">loadTOCNode(2, 'resolution');</script> Warning If you are prompted to open or to save a .chm file from a Web site, you should do so only if you need the file and if you trust the Web site that is providing the file.

In the File Download dialog box, click Save, and then choose where you want to save the .chm file. Then, use one of the following methods:

Method 1

<script type="text/javascript">loadTOCNode(3, 'resolution');</script>

1.	Double-click the .chm file.
2.	In the Open File-Security Warning dialog box, click to clear the Always ask before opening this file check box.
3.	Click Open.

Method 2

<script type="text/javascript">loadTOCNode(3, 'resolution');</script>

1.	Right-click the CHM file, and then click Properties.
2.	Click Unblock.
3.	Double-click the .chm file to open the file.

Back to the top

Resolution for system administrators

<script type="text/javascript">loadTOCNode(2, 'resolution');</script> To resolve this issue, use one of the following methods.

Use UNC file paths and file shares to link to .chm files

<script type="text/javascript">loadTOCNode(3, 'resolution');</script> If your intranet Web page uses the HTTP URL scheme to link to .chm files, security update 896358 may prevent users from seeing topics in the .chm file. Replacing an HTTP file path with a UNC file path can make it possible again to open .chm files from the Web page.

To use a UNC file path instead of an HTTP URL, follow these steps:

1.	Put the .chm files on a file share server that can be addressed by using a UNC file path. A UNC file path looks similar to the following path: //productmanuals/helpfiles
2.	Use the ItssRestrictions/UrlAllowList value to enable the systems in your intranet to access the .chm files from that file share. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 896054 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=896054/) You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
3.	Update the links on your intranet Web page to use UNC file paths in the URLs that link to the .chm files.

Note This method works only for pages that are served from the Intranet zone. This method does not work for pages that are served from the Internet zone.

Set up Web applications to download .chm files

<script type="text/javascript">loadTOCNode(3, 'resolution');</script> On the Web page that links to .chm files, add instructions that advise the user to save the file instead of opening the file directly. For more information, see the "Resolution for end users" section.

You can also use the DownloadOptions <META> tag to remove the Open button from the File Download dialog box that appears after a user clicks a link to the .chm file. Put this tag inside the <head> tag of your HTML page. This usage is illustrated in the following example.

<head>
<META name="DownloadOptions" content="noopen">
</head>

Note The <META> tag affects only some operating systems. For more information, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/name_1.asp (http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/properties/name_1.asp)

Back to the top

MORE INFORMATION

<script type="text/javascript">loadTOCNode(1, 'moreinformation');</script>

Overview and examples for system administrators

<script type="text/javascript">loadTOCNode(2, 'moreinformation');</script> For more information about security update 896358 and how you can re-enable Web applications that are affected by this update, click the following article number to view the article in the Microsoft Knowledge Base:

896358 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=896358/) MS05-026: Vulnerability in HTML Help could allow remote code execution

Back to the top

Internet Explorer

<script type="text/javascript">loadTOCNode(2, 'moreinformation');</script> For more information about opening files by hyperlink in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

232077 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=232077/) Executing files by hyperlink and the File Download dialog box

For more information about how to use security zones in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

174360 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=174360/) How to use security zones in Internet Explorer

Back to the top

Technical support for x64-based versions of Microsoft Windows

<script type="text/javascript">loadTOCNode(2, 'moreinformation');</script> On computers that are running x64-based versions of Microsoft Windows, you may have to adapt the instructions in the "Resolution" section about how to modify the registry. For example, you might have to modify a different part of the registry, depending on whether you want to modify the 32-bit or the 64-bit functionality. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

896459 (http://www.kbAlertz.com/Feedback.aspx?kbNumber=896459/) Registry changes in Windows x64 Edition-based operating systems

Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx (http://www.microsoft.com/windowsxp/64bit/default.mspx)

For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx (http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx)

Back to the top

---

APPLIES TO

•	Microsoft Windows Server 2003 Service Pack 1, when used with:
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems     Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
•	Microsoft Windows Server 2003, Enterprise x64 Edition
•	Microsoft Windows Server 2003, Standard x64 Edition
•	Microsoft Windows Server 2003, Datacenter x64 Edition
•	Microsoft Windows 2000 Professional Edition
•	Microsoft Windows 2000 Service Pack 3
•	Microsoft Windows 2000 Service Pack 4
•	Microsoft Windows 2000 Service Pack 3
•	Microsoft Windows 2000 Advanced Server
•	Microsoft Windows 2000 Advanced Server
•	Microsoft Windows 2000 Datacenter Server
•	Microsoft Windows 2000 Service Pack 3
•	Microsoft Windows XP Service Pack 2
•	Microsoft Windows XP Service Pack 1
•	Microsoft Windows XP for Itanium-based Systems Version 2003
•	Microsoft Windows XP Professional x64 Edition
•	Microsoft Windows 98 Second Edition
•	Microsoft Windows 98 Standard Edition
•	Microsoft Windows Millennium Edition

Back to the top

Keywords:

kbtshoot kbsecurity kbprb kbexpertiseadvanced kbexpertiseinter KB902225

From:http://www.kbalertz.com/kb_902225.aspx