U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA04-315A)

Vulnerability in Microsoft Internet Explorer

Original release date: November 10, 2004 | Last revised: December 03, 2004

Systems Affected

  • Internet Explorer versions 6.0 and later

Overview

By taking advantage of a vulnerability in Internet Explorer, an attacker may be able to take control of your computer.

Solution

Apply an update

Microsoft has released an update to resolve this problem. Obtain the appropriate update from Windows Update or by using Automatic Updates.

Upgrade to Windows XP SP2

Windows XP Service Pack 2 is not affected. If you are running Windows XP, you can install Service Pack 2 using Windows Update or Automatic Updates.

Follow good security practices

The following practices may offer additional protection against this vulnerability:

  • Disable Active scripting - Attackers may be able to take advantage of Active scripting to exploit this vulnerability. Instructions for disabling Active scripting are available in the Malicious Web Scripts FAQ.

  • Don't follow unsolicited links - By convincing you to follow a link, an attacker may be able to send you to a malicious site. Don't click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels.

  • Read and send email in plain text format - Many email clients use the same programs as web browsers to display HTML, so vulnerabilities that affect active content like JavaScript and ActiveX often apply to email.

  • Maintain updated anti-virus software - It is important that you use anti-virus software and keep it up to date. Most anti-virus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many anti-virus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible.

Description

There is a vulnerability in the way Internet Explorer processes certain HTML code. By exploiting the vulnerability, an attacker may be able to take control of your computer or cause a denial of service.

For more technical information, see TA04-315A.


References


.

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

  • November 10, 2004: Initial release
    December 3, 2004: Added information about MS04-040 update, SA04-336A, and TA04-336A, updated Systems Affected

Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top