kayodeok's Weblog

Wednesday 01 December 2004

MS Security Bulletins - Cumulative Update For Internet Explorer

This is an out of cycle update to patch the IFrame Vulnerability in Internet Explorer.

Microsoft Security Bulletin MS04-040

Cumulative Security Update for Internet Explorer (889293)

A remote code execution vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web Page that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

References:

• Technical: Cumulative Security Update for Internet Explorer (889293)
• Knowledgebase: MS04-040: Cumulative Security Update for Internet Explorer (IE 6.0 SP1)

Related Tools

• Microsoft Baseline Security Analyzer (MBSA)
• Software Update Services (SUS)
• Windows Update
• Microsoft Security Tools

Related Reading

• Emergency IE Patch Fixes Critical Bug
• Microsoft Patch for IFRAME vulnerability
• IFRAME Exploit Spreading Through Banner Ads
• IFRAME Vulnerability Being Exploited Through Banner Ads
• Bofra exploit hits "The Register" ad serving supplier
• IE Exploit Targets Banner Ad Servers
• Hackers launch Bofra banner ad attacks
• Bofra exploit tied to 'massive botnet'
• The Register Among Sites Serving Banner Malware
• Falk statement on Bofra attack

Recent Internet Explorer Vulnerabilities

• Microsoft Internet Explorer "res:" URI Handler File Identification Vulnerability
• Internet Explorer IFRAME Buffer Overflow Vulnerability
• Microsoft Internet Explorer Two Vulnerabilities
• Double MyDoom for Internet Explorer flaw
• New MyDoom draws on IE flaw to spread