U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA04-033A)

Multiple Vulnerabilities in Microsoft Internet Explorer

Original release date: February 02, 2004

Systems Affected

Microsoft Windows systems running
  • Internet Explorer 5.01
  • Internet Explorer 5.50
  • Internet Explorer 6
Previous versions that are no longer supported may also be affected.

Overview

Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow attackers in any location to run programs of their choice on your computer using the same privileges as you have.

Quick Links

Patch Information | Problem Description | References

Description

Microsoft's Home User Security Bulletin for February 2004 describes three vulnerabilities in Internet Explorer (IE).

Note that in addition to IE, any applications that use IE to interpret HTML documents, such as email programs, may present additional ways for these vulnerabilities to be used.

These vulnerabilities have different impacts, ranging from disguising the true location of a URL to executing computer commands or code, essentially taking over control of your computer and any data on it. The attacker could exploit this vulnerability by convincing you, the victim, to access a specially crafted HTML document such as a web page or HTML email message. Your computer can be compromised simply by viewing the attacker's HTML document with Internet Explorer.

A technical description of these vulnerabilities is available from US-CERT in TA04-033A and from Microsoft in MS04-004.

Resolution

Apply a patch

Microsoft has released a home user bulletin describing how to determine what patches you will need and how to get them. Follow the procedures outlined in Microsoft's Home User Security Bulletin for February 2004.

For additional information, and to receive updates on this alert, go to http://www.us-cert.gov.

References

This document is available from <http://www.us-cert.gov/cas/alerts/SA04-033A.html>

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

  • February 02, 2004: Initial release

    Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top