MS04-038: Cumulative Security Update for Internet Explorer (834707)   12 Oct 2004 00:00 GMT
This update resolves several newly discovered publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: TechNet

MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)   12 Oct 2004 00:00 GMT
This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.
Source: TechNet

MS04-036: Vulnerability in NNTP Could Allow Code Execution (883935)   12 Oct 2004 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) Component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP because certain affected software requires this component to be enabled for installation. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: TechNet

MS04-034: Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)   12 Oct 2004 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
Source: TechNet

MS04-033: Vulnerability in Microsoft Excel Could Allow Code Execution (886836)   12 Oct 2004 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. An attacker who exploited this vulnerability on a system could execute code of their choice, including installing programs; viewing, changing, or deleting data. The vulnerability is further documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: TechNet

MS04-032: Security Update for Microsoft Windows (840987)   12 Oct 2004 00:00 GMT
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: TechNet

MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution (841533)   12 Oct 2004 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.
Source: TechNet