"This page has an unspecified potential security flaw"

Kenneth,

Well, that is an effective workaround, but it does not solve the underlying problem (just as the fix I was given from MS does not solve the underlying problem).

Please note that all those experiencing this problem state clearly that they have no problem "opening the folders directly" (i.e., "navigating to" the folders and opening them). The problem occurs only when a "shortcut" is used. Your workaround changes the shortcut to an execution of "explorer.exe ", which is exactly what happens when one "navigates to" the folder. (I like your thinking!)

For me, the solution MS provided was superior because I did not have to alter all the shortcuts (and I have a bunch of them because I have 3 different user-ids set up on my system). It may still leave me open to the exploit (or maybe not if I am to believe that the changes to shell32.dll protects me as MS has indicated), but I can live with that for a while until I see if they update the patch.

I would like to state that I understand and accept that some patches are "bad" because MS cannot test all situations / environments. That is fine. This one, however, is caused because they have elected to handle the affected folders in a manner inconsistent with their handling of other folders (and basically decided that I cannot access what is on MY own system). I understand these folders have a specific purpose on the system, but why would they elect to handle these folders in a more "secretive" manner than other, far more important folders? This is just bad design and it leaves me with the perception of a certain degree of arrogance on the part of MS.

But the workaround DEFINITELY works and I thank you for sharing it.

 

Kenneth Byrd--Thanks for your input.
Your shortcut brings me one step closer--directly to an open Content.IE5 folder, but trying to open the individual alphanumeric subfolders still brings up the error message. (I think I reported my present shortcut is "C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files\Content.IE5 "

 

Welshjim,

Kenneth's workaround can be used for the alphanumeric folders, too.

The problem is that these may change when you use the INTERNET OPTIONS "Delete Files" function/button. (Actually, I am not sure if the alphanumeric folders ALWAYS are deleted when you do this, but that is the ONLY time I have experienced them being deleted unless I deleted them myself.)

To avoid this, don't clear your cache in that manner! Just go to the alphanumeric folders and delete all the files "manually ".

Over time, your index.dat file will grow. I do not know how to avoid this and still retain the alphanumeric folders. Note that, if you ever opened and inspected the contents of the index.dat file, the folder-names of the alphanumeric folders are in plain text. So, if you actually delete the entire alphanumeric folder or even all the alphanumeric folders, BUT NOT THE INDEX.DAT file, the system will/should create folders by the same name. Since I have only been successful at deleting these folders when logged in via the "Administrator" account (safe mode), these were (re-)created when I rebooted and/or logged in as the associated userid.

The alphanumeric folders are also used when Outlook needs to render an HTML email. I am not sure about any other email client.

 

Welshjim,

Unrelated to the problem for which this topic was started (sorta ), but why look through the alphanumeric folders for favicons? They are more quickly accessed/gathered through IE Options>Settings (under TIFs)>View Files, re-arrange by file type and look for icon files.

 

So, I thought about what I last wrote. If the index.dat file contains the alphanumeric folder-names, I figured I should just be able to access Content.IE5 folder and delete the alphanumeric folders. Since the index.dat file remains, the next time these folders are needed they should be recreated under the same names. Ran a test and "Yup!" that's how it works. And the shortcuts to the folders do not need to be recreated.

The index.dat file, however, continues to grow (and grow)...

 

That "˜Underlying Problem’

[FONT= "Times New Roman"][SIZE= "3"]Right, Victor [SIZE= "2"]{I am assuming that you indeed are named Victor}[/SIZE], it does not solve the underlying problem. But, it may be that the main problem is just not going to ever be solved — either because: 1) there might in fact be some reasonable/valid fundamental reason why it simply cannot be done, either at all, or easily; or, 2) Microsoft is just not going to put the effort into it, given that the WinXP product is soon enough to become defunct (er, superceded by the next version of Windows to be released in a few months from now).

While one ought possibly assume that the next Windows [Longhorn/Vista], not to mention many future other releases, will be a continued evolution of NT/XP — and, thus, the fundamental security issue uncovered (and, now, circumvented by the inconvenient KB921398 / MS06–045) would itself persist… And, therefore, MS would indeed have an interest in fixing it “properly” — so as to have it go away both now and in the future continuances of current Windows evolution… Nevertheless, they still might not go to all the trouble of getting it done — especially, to release a version that will work in XP in particular — before getting next Windows out the door… In which case, we could all get awfully blue in the face while holding our collective breaths until that time when we were all finally willing to adopt next Windows and (presumably) it is eventually fixed therein. (Thus, my workaround certainly could be useful for many people for a significant time until MS eventually does get it fixed whenever/wherever.)

Furthermore, and on the other hand, I strongly suspect/fear that eventually MS will truly make it impossible for us to get to the browser cache at all! It all has to do with “Digital Rights Management” (DRM), copy-protection, copyright-infringement prevention, etc. While, ultimately, making it to be genuinely impossible regardless of (literally) any-and-all invented workarounds and/or hacks and/or directly bootable extra-system utilities [SIZE= "2"][e.g., Windows own Recovery Console, as well as, say, Norton Ghost, are but just two examples of such beasts (though, these cited two are at least legitimately commercially provided for totally valid user purposes)][/SIZE] would require some special hardware, as well as running a highly/strongly encrypted operating system itself, that is just EXACTLY what Microsoft and Intel are jointly developing for the not so distant future!!!!!!! If so, then MS would ostensibly simply have no desire/intention whatsoever of ever solving our present “unspecified potential security flaw” irritation. (Similarly, then, my workaround could itself be destine for a rather short useful lifespan.)[/SIZE][/FONT]

 

noahdfear--What a pleasant surprise to see a post from you again.!
But you have really knocked me for a loop. For years I have run a search for "favicon[*].ico" and I am told that it/they are in Content.IE5 naming the specific alphanumeric folder. And now I see they indeed are also in Temporary Internet Files (where your procedure leads). Except in TIF they are called only favicon.ico, not favicon[1].ico, favicon[2].ico, etc..
So I have created a mountain out of a molehill for no purpose.
Thanks for the fix--to my concern anyway.
P.S. TIF names them all only "favicon.ico ", and somewhat surprisingly, I can have several files with that name at the same time in TIF. When I click Properties, however, they are differentiated as http://www.forbes.com/favicon.ico, for example.

 

VicMax--To clean out TIF, I use a program called SystemSecuritySuite
http://www.igorshpak.net/
If you configure it properly it deletes the index.dat files in Content.IE5 (as well as the rest of the files). At reboot, a index.dat file is recreated but it is only 32KB.

 

Workaround for "unspecified potential security flaw" Has a Minor Flaw in Itself

[FONT= "Times New Roman"][SIZE= "3"]Actually, there is a rather unfortunate substantial flaw in my workaround [SIZE= "2"][the original idea behind which indeed is of my own inspiration and creation][/SIZE]···

When the shortcut is evoked directly out of an open folder, then the Temporary Internet Files folder is opened in a new window "” rather than to just replace within the already open window for the folder containing the shortcut itself.

However, this afore-described behavior does, in fact, become rather moot, of course, when, and only when, this sort of structure of shortcut is accessed via one of WinXP Explorer’s built-in menu facilities (e.g., Quick Launch, Start, etc.). [SIZE= "2"]{I trust everyone does recall that the Desktop, Taskbar, etc., along with their myriad features and functionalities, are all generated within/by the Windows Explorer component/program itself!}[/SIZE] And, so, it is thusly probably fair to categorize this as being a rather minor flaw, after all "” given that the most useful location for generally keeping shortcuts to various folders (including the Temporary Internet Files folder) is, without a doubt, in any of WinXP’s such built-in menu facilities.[/SIZE][/FONT]

 

Kenneth,

First, it's not "Victor" -- the "Vic" is for Vicky, my bullmastiff; the "Max" is for her nephew (you can guess his name).

At any rate...
My technical experience goes back to Win98. Even then MS had this "thing" about the cache folders and files. I don't know why. And they won't tell any of us (if they actually still remember the original reasons!).

You may be correct about the DRM issues and it could very well be that their historic handling of the TIFs has been a "convenient" way for them to implement whatever they (and their legal department) believe to be their best "solution" to staying out of trouble along with other issues ( "profits" just seem to jump to mind!).

Still, most of us believe that they are OUR systems (call us crazy!) and that MS should fully respect that. Further, they only create nightmare scenarios for themselves each time they decide some aspect of the system requires some handling different than the rest of the system. Today I am an IT Security consultant and a software and system designer. I absolutely assure you that the greater the complexity, the greater the room for error. In fact, the effect is exponential by its very nature. This includes all manner of "bugs ". But it is most apparent and seems to fully manifest itself in updates -- becoming especially "nightmarish" in the sensitive arena of security updates.

This problem is miniscule compared to the "stuff" they are going through due to the "918899 / MS06-042 Cumulative Update ". I shudder just thinking about what is going on inside MS in their effort to "fix" that one!

 

Workaround for "˜Content.IE5’ Sub-Folders

[FONT= "Times New Roman"][SIZE= "3"]
Jim [SIZE= "2"]{and, I am assuming that at least (this time) you indeed are named Jim(?)}[/SIZE]—

Once within your ‘Content.IE5’ folder, simply search on ‘*.ini’ (w/o the quotes, of course!).

Thereafter, you can simply right-click and Open Containing Folder as you may desire.

[/SIZE][/FONT]

 

A More Direct Workaround for "˜Content.IE5’ Sub-Folders

*** See revised version in new posting later below. ***

{ Original problem had to do with the length of the string within the "Target:" field in my shortcut. Forgot that it can be a maximum of about 256 characters! (While it worked alright for me — since I keep my TIF much closer to the root [on another drive] than is standard — it would not work for others who do keep their TIF in the usual location!!) }

 

Kenneth Byrd--

I feel like there is something missing between those two sentences.
In Content.IE5 the only .ini file Search finds is the desktop.ini file. Right clicking on it gives several options, but Open Containing Folder is not one. (I can open it in Notepad to see its text contents and there are plenty of .ini files in the alphanumeric folders.)

But remember, right or left clicking on any of the alphanumeric folder brings up the error message, as does trying to access the Content.IE5 folder itself, using the shortcut. So I already have had to click off one error message just to enter Content.IE5.

 

[FONT= "Times New Roman"][SIZE= "3"]
Well, Jim, gosh darn!!

On my system¹, after evoking

``[FONT= "Courier New"][SIZE= "2"]%systemroot%\explorer.exe "C:\ ... \Temporary Internet Files\Content.IE5 "[/SIZE][/FONT]´´,​

and then searching on ``[FONT= "Courier New"][SIZE= "2"]*.ini[/SIZE][/FONT]´´ [SIZE= "2"]{ with all citations being understood to be w/o the outermost quotes [``…´´], of course }[/SIZE], I can then right-click upon any of the resulting Desktop.ini entries and select ‘Open Containing Folder’ — which then opens that relevant associated folder, and all with no security message, to boot.

Of course, it probably is just as easy (easier?) to instead skip the abovementioned search procedure and simply left-click on the folders directly — and just put up with that pesky security message.


<< Maybe someone else has an idea as to the variance in our experience? >>


Hopefully, though, you shall find my next submission a bit more interesting!


————————————[SIZE= "2"]
¹ I am running the Home Edition w/ SP2 (fully updated), and logged on with administrator privileges.
[/SIZE]
[/SIZE][/FONT]

 

A More Direct Workaround for "˜Content.IE5’ Sub-Folders

[FONT= "Times New Roman"][SIZE= "3"]
First of all, this MAY VERY WELL BE QUITE DANGEROUS!!!

But, then again, it could be as totally innocuous as my own personal results do seem to indicate!

So, and nevertheless, attempt, if you want,···

ONLY AT YOUR OWN RISK!!!!!!!​

For, I really don’t know. It does work well enough for me. [SIZE= "2"]{ I am running the Home Edition w/ SP2 (fully updated), and logged on with administrator privileges. }[/SIZE]


<< Maybe someone else can inform as to what the real consequences — if any substantial and/or significant — are likely to be from this action? >>


Basically, it is simply a shortcut for opening ones ‘Content.IE5’ folder that first does a wee bit o’ “hanky panky” along the way — as follows···


From my own minimal investigation into, and experience with, this specific problem, it appears that the Desktop.ini files within the folders immediately below that ‘Content.IE5’ folder don’t amount to a hill of beans. So, I just annihilate them — thusly, and thereby, eradicating all the grief that they have been foisting upon us!!!

[FONT= "Arial Black"]The Shortcut Composition[/FONT]​

[FONT= "Arial"](Name)[/FONT]

Code:

Content-IE5

« Or, anything else you may desire. »


[FONT= "Arial"]Target:[/FONT]

Code:

%SystemRoot%\system32\cmd.exe /d /c " %SystemRoot%\Content-IE5.cmd  "C:\ ... \Temporary Internet Files"  "

« Obviously, replace the ``[FONT= "Courier New"][SIZE= "2"] "C:\ ... \Temporary Internet Files "[/SIZE][/FONT]´´ string with your correct particulars (retaining the double quotes, but only the (inner) ones, shown in black ["]). However, all else must be precisely as given — unless, that is, you absolutely do know exactly what you are doing! [SIZE= "2"][ And, yes, the quotes are definitely weirdly nested; but, it is utterly crucial in this way that they are. ][/SIZE] »

NOTE: ``[FONT= "Courier New"][SIZE= "2"]\Content.IE5[/SIZE][/FONT]´´ (which is not to be confused with ``[FONT= "Courier New"][SIZE= "2"]\Content-IE5.cmd[/SIZE][/FONT]´´) is not included as the trailing part of this string (as immediately to be following the ``[FONT= "Courier New"][SIZE= "2"]\Temporary Internet Files[/SIZE][/FONT]´´ inclusion); instead, it will be supplied automatically by the execution file [SIZE= "2"][ see later below ][/SIZE].


[FONT= "Arial"]Start in:[/FONT]

Code:

« Doesn’t mater — may as well just leave blank. »

[FONT= "Arial"]Run:[/FONT]

Code:

Normal window

[FONT= "Arial Black"]The Execution File[/FONT]​

[FONT= "Arial"](Name)[/FONT]

Code:

Content-IE5.cmd

« If want to name it something else, must likewise change corresponding reference inside the afore-described shortcut. [SIZE= "2"][ Do note that the name of this execution file and the name proper given to the afore-described shortcut do not have to be the same; however, the reference within the afore-described shortcut must be to the name given to this execution file. ][/SIZE] »


[FONT= "Arial"](Location)[/FONT]

Code:

C:\WINDOWS

« Or, wherever [u]is[/u] your [b]Windows [I]System Root[/I][/b] directory/folder. »

« If want to have this execution file to reside someplace other than your Windows System Root directory/folder, must appropriately change reference inside the afore-described shortcut. »


[FONT= "Arial"](Contents)[/FONT]

Code:

@echo off
if  '%cmdextversion%' == ''   goto :ENV-BAD
if    cmdextversion 2         goto :ENV-OK

:ENV-BAD

echo.
echo Incorrect Environment!
echo.
pause
goto :eof

:ENV-OK

if   "%~1" == " "   (   echo.   &   echo Missing Path Argument!   &   echo.   &   pause   &   goto :eof   )
setlocal
(set execUnconditionally=NO)                              &   rem  ***CAN CHANGE TO 'YES' [w/o the quotes] IF INDEED WANT TO UNIVERSALLY EXECUTE UNCONDITIONALLY***
if /i                     '%2' == '-FORCE'   goto :EXEC   &   rem  ***UNCONDITIONAL EXECUTION CAN OPTIONALLY BE FORCED BY THE EVOKING SHORTCUT***
if /i  '%execUnconditionally%' == 'YES'      goto :EXEC
echo.
echo Are you QUITE sure?
echo.
set     answr=NO
set /p  answr=  ( y or yes to proceed; anything else aborts )   Ä^>
if /i not   "%answr%" ==  "yes"   if /i not   "%answr%" ==  "y"   goto :eof

:EXEC

echo.
chdir /d   "%~1\Content.IE5"   ||   (   echo    &   pause   &   goto :eof   )
for /d  %%j  in (*)  do   if exist %%j\Desktop.ini   (   attrib %%j\Desktop.ini -s -h -r   &   erase %%j\Desktop.ini   ) 
%SystemRoot%\explorer.exe .\

« The “” characters [SIZE= "2"][ including, too, this actual one included right here within this very sentence ][/SIZE] are in reality the genuine DOS bell control-character (0x07). [SIZE= "2"]{ Believe it or not, even though they simply cannot be directly entered by way of the Windows keyboard, nor obtained via the Windows “Character Map” Accessory Applet, nonetheless, they can still be entered by means of the DOS keyboard when under the EDIT.COM DOS program; and, they still do indeed function as such (i.e., to “hardware beep” the system case internal speaker) when output properly through DOS — as well as they should copy–’n’–paste just fine! }[/SIZE] »

[FONT= "Arial Black"]OPTIONS[/FONT]​

The default operation as per the versions of the shortcut and execution file depicted herein is for the evoked execution file to first query for permission to actually continue to execute. If desired, option is provided to easily cause the execution to instead be carried out unconditionally — either universally, or on a per-shortcut basis.


Documentation is provided within the execution file itself as to how to alter it so as to therewith specify universal unconditional execution.


To cause execution to be unconditional only for a specific shortcut (or, set of shortcuts), change the relevant shortcut(s)’s [FONT= "Arial"]Target:[/FONT] to be···

Code:

%SystemRoot%\system32\cmd.exe /d /c " %SystemRoot%\Content-IE5.cmd  "C:\ ... \Temporary Internet Files" -force  "

Additionally, ought change any-and-all so affected — whether individually, or due to universality — shortcuts’ [FONT= "Arial"]Run:[/FONT] behavior to be···

Code:

Minimized

[/SIZE][/FONT]

 

All--I finally got to a "higher level" of MS TechSupport and was given a (the?) Registry DWORD change. But it did not fix anything! I still get the error message.
The Tech did, however, assure me that the DWORD change would not affect the functioning of the 921398 Update, and that it is normal that Content.IE5 does not appear in the TIF folder. (It did, of course, in Win98, so I was always perplexed that it did not in XP.)
In light of noahdfear's revelation (to me anyway) that Favicons appear in TIF, I think I will just not worry any more about entering Content.IE5 without getting, and having to click off, the error message.

Kenneth Byrd--After all your work, I hope you will forgive my chickening out.

 

Kenneth Byrd--I hope you are still reading.
MS Tech Support finally came up with THE solution. And it is very similar to one you proposed earlier.
The shortcut should be %windir%\Explorer.exe /e, "C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files\Content.IE5 "
The /e switch opens Content.IE5 folder without error message and with the Folder view. Now you click on the alphanumeric files in the left panel folder view. They now open without the error message, too.
The alphanumeric files in the right panel still produce the error message when clicked.