IE 6, 5.5, 5.01 Cumulative Security Update
Microsoft Security Bulletin MS04-004
http://www.microsoft.com/technet/sec...asp?frame=true
Quote:
Cumulative Security Update for Internet Explorer (832894)
Issued: February 2, 2004
Version: 1.0
Summary- Who should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the security update immediately.
Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-048, which is itself a cumulative update.
Caveats: None
Technical Details
This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities:
- A vulnerability that involves the cross-domain security model of Internet Explorer. ...
- A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. ...
- A vulnerability that involves the incorrect parsing of URLs that contain special characters. ... For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. ...
Tested Microsoft Windows and Office Components:
Affected Components:
More, much more ...
InternetNews.com: Microsoft Goes Off-Cycle for 'Critical' IE Patch
