Microsoft Security Bulletin MS04-004 (Critical) Update 02/03/04 12:00pm

Microsoft has released a cumulative patch for Internet Explorer that addresses newly discovered security vulnerabilities, as well as vulnerabilities covered by earlier patches, Microsoft Security Bulletin MS04-004 for Microsoft Internet Explorer (IE) versions 5.01 to version 6.0. The vulnerabilities addressed by the bulletin are:

• Flaw in Cross-Domain security. This flaw allows code to be executed from a malicous website or html email in the security context of the logged in user.
• Flaw in drop-and-drag operations during Dynamic HTML events. This vulnerability allows a file to be saved in a target location on the user's system if the user clicked a link. No dialog box would request that the user approve this download.
• A vulnerability that involves the incorrect parsing of URLs that contain special characters. This vulnerability can result in a misrepresentation of the URL in the address bar of an Internet Explorer window.

  Microsoft has released patches for:

  IE 6SP1: http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE6SP1.EXE

  IE6SP1 64-bit: http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE6SP164Bit.EXE

  IE 6 Server: http://antivirus.nih.gov/files/MS_Patch/MS04004/WindowsServer2003-KB832894-x86-ENU.exe

  IE 6 Server 64-Bit: http://antivirus.nih.gov/files/MS_Patch/MS04004/WindowsServer2003-KB832894-IA64-ENU.exe

  IE 6: http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE6.exe

  IE 5.5 SP2 http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE55SP2.exe

  IE 5.01 SP4 http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE501SP4.exe

  IE 5.01 SP3 http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE501SP3.exe

  IE 5.01 SP2 http://antivirus.nih.gov/files/MS_Patch/MS04004/Q832894IE501SP2.exe

  For more information see http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp from Microsoft.