Update for Microsoft Internet Explorer
Systems Affected
- Internet Explorer versions 6.0 and later
Overview
As previously mentioned in SA04-315A, an attacker may be
able to take control of your computer by taking advantage of a
vulnerability in Internet Explorer.
Solution
Apply an update
Microsoft has released an update
to resolve this problem. Obtain the appropriate update from Windows Update or by using Automatic
Updates.Internet Explorer 6 on Windows XP SP2 is not vulnerable.
Description
There is a vulnerability in the way Internet Explorer processes
certain HTML code. By exploiting the vulnerability, an attacker may be
able to take control of your computer or cause Internet Explorer to crash.For more technical information, see TA04-336A.
References
- Windows Security Update for December 2004 - <http://www.microsoft.com/security/bulletins/200412_windows.mspx>
- US-CERT Technical Cyber Security Alert TA04-336A - <http://www.us-cert.gov/cas/techalerts/TA04-336A.html>
- US-CERT Cyber Security Alert SA04-315A - <http://www.us-cert.gov/cas/alerts/SA04-315A.html>
- US-CERT Technical Cyber Security Alert TA04-315A - <http://www.us-cert.gov/cas/techalerts/TA04-315A.html>
- Vulnerability Note VU#842160 - <http://www.kb.cert.org/vuls/id/842160>
Feedback
can be directed to US-CERT -->.
Copyright 2004 Carnegie Mellon University.
Terms of use
Revision History
-
December 1, 2004: Initial release
December 3, 2004: Added information about IE 6 on Windows XP SP2, added references to TA04-336A
Last updated
This product is provided subject to this Notification and this Privacy & Use policy.