Reported
February 8, 2005 by Microsoft
VERSIONS AFFECTED
-
Internet
Explorer (IE)
-
Windows 2000
SP3 and SP4
-
Windows XP SP1
and SP2
-
Windows Server
2003
-
Windows Me and 9x
|
DESCRIPTION
Microsoft has released
a cumulative update for IE. The update also includes new patches for
vulnerabilities related to improper handling of drag-and-drop events,
improper handling of URLs, improper handling of Dynamic HTML (DHTML)
methods, and improper handling of content from across more than one
domain. All of the problems could allow a remote intruder to take
complete control of a user's system.
VENDOR RESPONSE
Microsoft has released
Security Bulletin MS05-014, "Cumulative
Security Update for Internet Explorer (867282),"
which explains the update and its caveats in more detail.