Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

MS Vulnerabilities MS04-004

Feb 2, 2004 4:49AM PST

Vulnerability Information
Discovery Date: 02/02/2004
Origin: Unknown
Length: N/A
Type: Vulnerability
SubType: Microsoft

The following Microsoft vulnerabilities were announced on February 02, 2004.

MS04-004 - Cumulative Security Update for Internet Explorer (832894), containing the following vulnerabilities:

- Cross-Domain Vulnerability (exploits detected as JS/Exploit-WhoFramed )
- Drag-and-Drop Operation Vulnerability (exploits detected as JS/Exploit-DragDrop )
- Improper URL Canonicalization Vulnerability (exploits detected as Exploit-URLSpoof.gen )

For more information visit:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp

http://vil.nai.com/vil/content/v_100993.htm

Discussion is locked

- Collapse -
Thanks for the Tip. This could be a "big one"...
Feb 2, 2004 5:12AM PST

I just clicked on MS Downloads and for my WinXP IE6 SP1 it said, ".....an attacker could run programs on your computer whileyou view a Web page. This affects all computers with IE installed (even if you don't run IE as your Web brouser."


Affected Software:

Microsoft Windows NT

- Collapse -
Go to Windows Update .......
Feb 2, 2004 5:15AM PST

I think it is for ALL versions - even IE 5.5 Sp2 on winme !

- Collapse -
The update is also for Win98 and IE 6 !!
Feb 2, 2004 5:18AM PST

I am downloading it......

- Collapse -
Re:The update is also for Win98 and IE 6 !!
Feb 2, 2004 5:27AM PST

Thank you Marianna. Windows Update found and I'm downloading the patch now for Win98 with IE 5.5 SP2.

William

- Collapse -
Re:The update is also for Win98 and IE 6 !!
Feb 2, 2004 6:09AM PST

Haven't checked my Win98se and ME computers with MS Downloads yet.

Now isn't that sometin:

The Microsoft Security Bulletin MS04-004 didn't mention Win98 or ME. Guess we must pay attention to the word "TESTED" when looking at the OS they listed. So apparently Win98se and Me wasn't 'Tested' at the time and needs to be added to that Bulletin.

When I downloaded to my WinXP it stated:

"....This affects all computers with IE installed (even if you don't run IE as your Web brouser."

- Collapse -
it looks like it fixed that problem with the scroll bar too!
Feb 2, 2004 6:23AM PST
What exactly is the scroll bar problem? I keep hearing about it but can't figure out what the problem is. I don't notice anything unusual with scroll bars.

It was caused by an update back in November. One of the threads about can be found here. Before the update you could mouse-click anywhere in a blank part of the scrollbar and the page would advance or reverse one screen at a time. After the update clicking there would either move something like 2 1/2 pages or just take you to the bottom of the page and then "break" the scroll bar altogether. If you didn't notice the problem then it probably didn't affect you or you don't use your scrollbar that way. But for those of us who did, it was a real pain in the butt.

http://www.dslreports.com/forum/remark,9264670~mode=flat
- Collapse -
Good Link....
Feb 2, 2004 6:24AM PST