Microsoft Security Bulletin MS04-004

http://www.microsoft.com/technet/sec...asp?frame=true

Cumulative Security Update for Internet Explorer (832894)

Issued: February 2, 2004
Version: 1.0

Summary
  • Who should read this document: Customers who are using Microsoft® Internet Explorer

    Impact of vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Systems administrators should apply the security update immediately.

    Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-048, which is itself a cumulative update.

    Caveats: None
Technical Details

This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities:
  • A vulnerability that involves the cross-domain security model of Internet Explorer. ...
  • A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. ...
  • A vulnerability that involves the incorrect parsing of URLs that contain special characters. ... For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. ...
Tested Microsoft Windows and Office Components:

Affected Components:
More, much more ...

InternetNews.com: Microsoft Goes Off-Cycle for 'Critical' IE Patch