Reported February 8, 2005 by Microsoft


  • Internet Explorer (IE)

  • Windows 2000 SP3 and SP4

  • Windows XP SP1 and SP2

  • Windows Server 2003

  • Windows Me and 9x


Microsoft has released a cumulative update for IE. The update also includes new patches for vulnerabilities related to improper handling of drag-and-drop events, improper handling of URLs, improper handling of Dynamic HTML (DHTML) methods, and improper handling of content from across more than one domain. All of the problems could allow a remote intruder to take complete control of a user's system.


Microsoft has released Security Bulletin MS05-014, "Cumulative Security Update for Internet Explorer (867282)," which explains the update and its caveats in more detail.