Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability
Microsoft has released Security Bulletin MS04-025 to address this issue. This bulletin provides a cumulative patch for Internet Explorer to fix multiple vulnerabilities in supported versions of the application.
MS04-025 has been revised to provide updated fix information for Windows XP running Windows Update Version 5. Please see the attached Security Bulletin for further details.
Avaya has released advisory ASA-2004-26 dealing with this issue for their Avaya System Products. Please see the referenced web advisory for more information.
HP has reported that the application of the Microsoft patch included in MS04-025 may prevent users from logging into HP Systems Insight Manager with the Internet Explorer browser. HP has released an advisory (HPSBMA01072) and fixes to address this issue in the Systems Insight Manager. Please see the referenced advisory for further details regarding obtaining and applying an appropriate patch.
HP has released a revised advisory HPSBMA01076 (SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS)) to address this issue. Please see the referenced advisory for more information.
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP2