Microsoft's Home User Security Bulletin for
February 2004 describes three vulnerabilities in Internet
Explorer (IE).
Note that in addition to IE, any applications that use IE to
interpret HTML documents, such as email programs, may present additional
ways for these vulnerabilities to be used.
These vulnerabilities have different impacts, ranging from disguising the
true location of a URL to executing computer commands or code,
essentially taking over control of your computer and any data on it. The
attacker could exploit this vulnerability by convincing you, the victim, to
access a specially crafted HTML document such as a web page or HTML email
message. Your computer can be compromised simply by viewing the attacker's
HTML document with Internet Explorer.
A technical description of these vulnerabilities is available from
US-CERT in TA04-033A
and from Microsoft in MS04-004.