MS04-040: Internet Explorer Cummulative Update (IFRAME FIX)http://www.microsoft.com/technet/security/...n/MS04-040.mspx
Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should install the update immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS04-038. That update is also a cumulative update.
Caveats: Microsoft Knowledge Base Article 889293 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
* HTML Elements Vulnerability - CAN-2004-1050: A remote code execution vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web Page that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.