- Internet Explorer versions 6.0 and later
As previously mentioned in SA04-315A, an attacker may be able to take control of your computer by taking advantage of a vulnerability in Internet Explorer.
Apply an update
Internet Explorer 6 on Windows XP SP2 is not vulnerable.
There is a vulnerability in the way Internet Explorer processes certain HTML code. By exploiting the vulnerability, an attacker may be able to take control of your computer or cause Internet Explorer to crash.
For more technical information, see TA04-336A.
- Windows Security Update for December 2004 - <http://www.microsoft.com/security/bulletins/200412_windows.mspx>
- US-CERT Technical Cyber Security Alert TA04-336A - <http://www.us-cert.gov/cas/techalerts/TA04-336A.html>
- US-CERT Cyber Security Alert SA04-315A - <http://www.us-cert.gov/cas/alerts/SA04-315A.html>
- US-CERT Technical Cyber Security Alert TA04-315A - <http://www.us-cert.gov/cas/techalerts/TA04-315A.html>
- Vulnerability Note VU#842160 - <http://www.kb.cert.org/vuls/id/842160>
December 1, 2004: Initial release
December 3, 2004: Added information about IE 6 on Windows XP SP2, added references to TA04-336A