Alert

Update for Microsoft Internet Explorer

Last Revised
Alert Code
SA04-336A

Systems Affected

 
  • Internet Explorer versions 6.0 and later
 

Overview

 

As previously mentioned in SA04-315A, an attacker may be able to take control of your computer by taking advantage of a vulnerability in Internet Explorer.

Solution

Apply an update

Microsoft has released an update to resolve this problem. Obtain the appropriate update from Windows Update or by using Automatic Updates.

Internet Explorer 6 on Windows XP SP2 is not vulnerable.

 

Description

 

There is a vulnerability in the way Internet Explorer processes certain HTML code. By exploiting the vulnerability, an attacker may be able to take control of your computer or cause Internet Explorer to crash.

For more technical information, see TA04-336A.


 

References

  • Windows Security Update for December 2004 - <http://www.microsoft.com/security/bulletins/200412_windows.mspx>
  • US-CERT Technical Cyber Security Alert TA04-336A - <http://www.us-cert.gov/cas/techalerts/TA04-336A.html>
  • US-CERT Cyber Security Alert SA04-315A - <http://www.us-cert.gov/cas/alerts/SA04-315A.html>
  • US-CERT Technical Cyber Security Alert TA04-315A - <http://www.us-cert.gov/cas/techalerts/TA04-315A.html>
  • Vulnerability Note VU#842160 - <http://www.kb.cert.org/vuls/id/842160>


Feedback can be directed to US-CERT -->.

 

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

  • December 1, 2004: Initial release
    December 3, 2004: Added information about IE 6 on Windows XP SP2, added references to TA04-336A

Last updated 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.