AL-2003.19 -- AUSCERT ALERT

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2003.19 -- AUSCERT ALERT
             Cumulative Patch for Internet Explorer (828750)
                  Microsoft Security Bulletin MS03-040
                             05 October 2003
===========================================================================

       AusCERT Alert Summary
       ---------------------

Product:                Internet Explorer 6.0
                       Internet Explorer 5.5
                       Internet Explorer 5.01
Publisher:              Microsoft
Operating System:       Windows
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2003-0809, CAN-2003-0838

Ref:                    AU-2003.013
                       AA-2003.03
                       ESB-2003.0588

Due to the severity and current exploitation of this vulnerability,
AusCERT is release this information as an AusCERT Alert.

For additional information and appropriate patches, please reference
the Microsoft Security Bulletin MS03-040, available at:

http://www.microsoft.com/technet/security/bulletin/ms03-040.asp

For information on viruses and trojans currently exploiting these
vulnerabilities, please see:

http://www.f-secure.com/v-descs/delude.shtml
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html

AusCERT will continue to monitor this vulnerability and any changes in
exploit activity.  AusCERT members will be updated as information becomes
available.