FYI, the FAQ section for MS06-015 says: "Note The update for this vulnerability also addresses a publicly disclosed variation that has been assigned Common Vulnerability and Exposure number CVE-2004-2289." This stems from a Bugtraq post in May 2004. - Steve