This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates the following six newly discovered vulnerabilities:
- A buffer overrun vulnerability affecting the Gopher protocol handler. This vulnerability was originally discussed in Microsoft Security Bulletin MS02-027, which provided workaround instructions while the patch provided here was being completed.
- A buffer overrun vulnerability affecting an ActiveX control used to display specially formatted text.
- A vulnerability involving how Internet Explorer handles an HTML directive that displays XML data.
- A vulnerability involving how Internet Explorer represents the origin of a file in the File Download Dialogue box.
- A Cross Domain verification vulnerability that occurs because of improper domain checking in conjunction with the Object tag.
- A newly reported variant of the "Cross-Site Scripting in Local HTML Resource" vulnerability originally discussed in Microsoft Security Bulletin MS02-023.