Last Updated: 2006-06-13 20:18:58 UTC
by Swa Frantzen (Version: 1)
Fixes memory corruption that can lead to remote code execution, disclosure of sensitive information and creation of additional accounts on the host operating system.
Microsoft rates this patch as critical. Considering the impact of remote code execution on the client system, we would rate such a thing in a browser as very critical.
Microsoft claims the attack vector has to be web-based; using it through Outlook should not be possible.
Please note that this patch affects the issues in KB 917425 by terminating the compatibility period.
This includes fixes for publicly known bugs: CSS cross-domain information disclosure (CVE-2005-4089) and address bar spoofing (CVE-2006-1626).
Swa Frantzen -- section 66