MS04-004 : Cumulative Security Update

MS04-004 is a cumulative security update (Microsoft KB832894) which addresses 3 issues:

* A cross-site scripting issue
* a drag-and-drop DHTML vulnerability and
* an incorrect parsing of URLs.

It also makes URLs of the form http://username:password@site/something-else invalid. Note that URLs of that form are acceptable according to the W3C and is a shorthand way of specifying an unencrypted username/password pair.

This bulletin replaces MS03-048.

Leave a Comment