• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Method Caching Mouse Click Event Hijacking Vulnerability

Solution:
** UPDATE: The previous bulletin MS04-004 has been superseded with bulletins MS05-008 and MS05-014. These bulletins contain new fixes for Internet Explorer and the operating system. Users are advised to apply these new updates.

Nortel Networks has released security advisory 2005005511-2 acknowledging this issue. Please the referenced advisory for further information.


Microsoft Internet Explorer 5.5 SP2

• Microsoft Cumulative Security Update for Internet Explorer 5.5 Service Pack 2 (KB832894)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA -4A54-B767-5597DDE95C6F&displaylang=en

Microsoft Windows XP 64-bit Edition SP1

• Microsoft Security Update for Windows XP 64-bit Edition (KB890047)
  May also be applicable to Windows XP 64-Edition SP0 - Microsoft does not specify.
  http://www.microsoft.com/downloads/details.aspx?familyid=B6DAA99A-6E0B -477D-99E9-5237BCF57762&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows 2000 Professional SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP Tablet PC Edition SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Windows XP Media Center Edition SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows Server 2003 Web Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Windows 2000 Advanced Server SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC -4B75-A255-72DD0AB52FF3&displaylang=en

Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB832894)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A -47C0-90D3-0C884910BC97&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB832894)
  For Internet Explorer 6 SP 1 running on Windows XP 64-bit platforms.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86 -4683-BC77-9BF410BC620D&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP/2000 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320 -4322-B437-F3A61E62F567


• Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7EAE62C0-3DA0 -4BAC-B2FE-ECE89959053D

Microsoft Windows 2000 Server SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Windows XP 64-bit Edition Version 2003

• Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC -4B75-A255-72DD0AB52FF3&displaylang=en

Microsoft Windows 2000 Server SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP Professional SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Security Update for Internet Explorer 6 (KB832894)
  For Internet Explorer 6 running on Windows XP.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A -4196-BFDE-29EBA8CF7A50&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB832894)
  For Internet Explorer 6.0 running on Windows 2003.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852 -4A04-B8F6-1DE327E598F0&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB832894)
  For Internet Explorer 6 running on Windows 2003 64-bit platforms.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F -4152-9AE4-8DCB43404149&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4DC0FE8A-9D03 -4AB8-8EAF-C85FF25CB1A2


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB867282)
  http://www.microsoft.com/downloads/details.aspx?familyid=E3C4DA1F-6FA2 -4A2B-A6D9-24B599C353B3&displaylang=en

Microsoft Internet Explorer 5.0.1 SP1

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE -4C99-A780-81D6DBC48DD5&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56 -4F4A-8C0F-4183C77B6B51&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E -49FD-9AA2-36D2D8454A92&displaylang=en

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE -4C99-A780-81D6DBC48DD5&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56 -4F4A-8C0F-4183C77B6B51&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E -49FD-9AA2-36D2D8454A92&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2CBB4B-2F00 -4CD6-BB98-AD14A48B53C0

Microsoft Internet Explorer 5.0.1 SP2

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE -4C99-A780-81D6DBC48DD5&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56 -4F4A-8C0F-4183C77B6B51&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E -49FD-9AA2-36D2D8454A92&displaylang=en

Microsoft Internet Explorer 5.0.1 SP3

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE -4C99-A780-81D6DBC48DD5&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56 -4F4A-8C0F-4183C77B6B51&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E -49FD-9AA2-36D2D8454A92&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=34F5BCDE-4EE2 -4EFD-BB60-F5A6BC5F56D1

Microsoft Internet Explorer 5.0.1

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE -4C99-A780-81D6DBC48DD5&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56 -4F4A-8C0F-4183C77B6B51&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894)
  For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E -49FD-9AA2-36D2D8454A92&displaylang=en