Reported February 8, 2005 by Microsoft
Microsoft has released a cumulative update for IE. The update also includes new patches for vulnerabilities related to improper handling of drag-and-drop events, improper handling of URLs, improper handling of Dynamic HTML (DHTML) methods, and improper handling of content from across more than one domain. All of the problems could allow a remote intruder to take complete control of a user's system.
Microsoft has released
Security Bulletin MS05-014, "Cumulative
Security Update for Internet Explorer (867282),"
which explains the update and its caveats in more detail.