Vernon Frazee
February 3rd, 2004, 05:09 AM
Microsoft Security Bulletin MS04-004 (http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true)
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true
Cumulative Security Update for Internet Explorer (832894) (http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true)
Issued: February 2, 2004
Version: 1.0
SummaryWho should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the security update immediately.
Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-048, which is itself a cumulative update.
Caveats: NoneTechnical Details
This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities: A vulnerability that involves the cross-domain security model of Internet Explorer. ...
A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. ...
A vulnerability that involves the incorrect parsing of URLs that contain special characters. ... For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. ...Tested Microsoft Windows and Office Components:
Affected Components: Internet Explorer 6 Service Pack 1: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en).
Internet Explorer 6 Service Pack 1 (64-Bit Edition): Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en).
Internet Explorer 6 for Windows Server 2003: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en).
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition): Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en).
Internet Explorer 6: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en).
Internet Explorer 5.5 Service Pack 2: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en).
Internet Explorer 5.01 Service Pack 4: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en).
Internet Explorer 5.01 Service Pack 3: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en).
Internet Explorer 5.01 Service Pack 2: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en). More, much more ... (http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true)
InternetNews.com: Microsoft Goes Off-Cycle for 'Critical' IE Patch (http://www.internetnews.com/dev-news/article.php/3307371)
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true
Cumulative Security Update for Internet Explorer (832894) (http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true)
Issued: February 2, 2004
Version: 1.0
SummaryWho should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the security update immediately.
Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-048, which is itself a cumulative update.
Caveats: NoneTechnical Details
This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities: A vulnerability that involves the cross-domain security model of Internet Explorer. ...
A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. ...
A vulnerability that involves the incorrect parsing of URLs that contain special characters. ... For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. ...Tested Microsoft Windows and Office Components:
Affected Components: Internet Explorer 6 Service Pack 1: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en).
Internet Explorer 6 Service Pack 1 (64-Bit Edition): Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en).
Internet Explorer 6 for Windows Server 2003: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en).
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition): Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en).
Internet Explorer 6: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en).
Internet Explorer 5.5 Service Pack 2: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en).
Internet Explorer 5.01 Service Pack 4: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en).
Internet Explorer 5.01 Service Pack 3: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en).
Internet Explorer 5.01 Service Pack 2: Download the update (http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en). More, much more ... (http://www.microsoft.com/technet/security/bulletin/MS04-004.asp?frame=true)
InternetNews.com: Microsoft Goes Off-Cycle for 'Critical' IE Patch (http://www.internetnews.com/dev-news/article.php/3307371)