Multiple Vulnerabilities in Microsoft Internet Explorer
Microsoft Windows systems running
Previous versions that are no longer supported may also be affected.
- Internet Explorer 5.01
- Internet Explorer 5.50
- Internet Explorer 6
Microsoft's Home User Security Bulletin for February 2004 describes three vulnerabilities in Internet Explorer (IE).
Note that in addition to IE, any applications that use IE to interpret HTML documents, such as email programs, may present additional ways for these vulnerabilities to be used.
These vulnerabilities have different impacts, ranging from disguising the true location of a URL to executing computer commands or code, essentially taking over control of your computer and any data on it. The attacker could exploit this vulnerability by convincing you, the victim, to access a specially crafted HTML document such as a web page or HTML email message. Your computer can be compromised simply by viewing the attacker's HTML document with Internet Explorer.
Apply a patch
Microsoft has released a home user bulletin describing how to determine what patches you will need and how to get them. Follow the procedures outlined in Microsoft's Home User Security Bulletin for February 2004.
For additional information, and to receive updates on this alert, go to http://www.us-cert.gov.
- US-CERT Technical Alert TA04-033A - <http://www.us-cert.gov/cas/techalerts/TA04-033A.html>
- Microsoft's Home User Security Bulletin for February 2004 - <http://www.microsoft.com/security/security_bulletins/20040202_windows.asp>
- Microsoft Security Bulletin MS04-004 - <http://www.microsoft.com/technet/security/bulletin/MS04-004.asp>
This document is available from <http://www.us-cert.gov/cas/alerts/SA04-033A.html>
February 02, 2004: Initial release