These vulnerabilities have already been discussed in various threads on 'AO' so none of this is probably new information.

In US-CERT Technical Cyber Security Alert TA04-212A , that I just recieved this morning has a good breakdown of them though. (note: if any one wants to see the entire artical, pm me and I will copy and paste it to you.)

Systems affected gives a list that includes virtually every thing MS has with the exception of SP2 RC2. And it is probably at risk also in some ways.
Please note that these vulnerabilities my affect any software that uses the Microsoft Windows operating system to render HTML or graphics.
I. Description

Microsoft Security Bulletin MS04-025 describes three vulnerabilities
in Internet Explorer; more detailed information is available in the
individual vulnerability notes. Note that in addition to Internet
Explorer, any applications that use the Internet Explorer HTML
rendering engine to interpret HTML documents may present additional
attack vectors for these vulnerabilities.

VU#266926 - Microsoft Internet Explorer contains an integer overflow
in the processing of bitmap files

An integer overflow vulnerability has been discovered in the way that
Internet Explorer processes bitmap image files. This vulnerability
could allow a remote attacker to execute arbitrary code on a
vulnerable system by introducing a specially crafted bitmap file.
(Other resources: CAN-2004-0566)

VU#685364 - Microsoft Internet Explorer contains a double-free
vulnerability in the processing of GIF files

A double-free vulnerability has been discovered in the way that
Internet Explorer processes GIF image files. When processing GIF image
files, the routine responsible for freeing memory may attempt to free
the same memory reference more than once. Deallocating the already
freed memory can lead to memory corruption, which could cause a
denial-of-service condition or potentially be leveraged by an attacker
to execute arbitrary code.
(Other resources: CAN-2003-1048)

VU#713878 - Microsoft Internet Explorer does not properly validate
source of redirected frame Microsoft Internet Explorer does not
properly display URLs

As previously discussed in TA-163A, Microsoft Internet Explorer does
not adequately validate the security context of a frame that has been
redirected by a web server. An attacker could exploit this
vulnerability to evaluate script in different security domains. By
causing script to be evaluated in the Local Machine Zone, the attacker
could execute arbitrary code with the privileges of the user running
Internet Explorer. For a detailed technical analysis of this
vulnerability, please see VU#713878.
(Other resources: CAN-2004-0549)
This means that an attack could come from any html content that is viewed on or from the web.
Remote attackers exploiting the vulnerabilities described above may
execute arbitrary code with the privileges of the user running the
software components being attacked (e.g., Internet Explorer).
Attackers can exploit these vulnerabilities by convincing a victim
user to visit a malicious website, view a malformed image, or read an
HTML-rendered email message. No user intervention is required beyond
viewing an attacker-supplied HTML document or image. For further
details, please see the individual vulnerability notes.
Solutons to this problem, of course is being current on all patchs. But you might have missed one.
Apply the appropriate patch as specified by Microsoft Security
Bulletin MS04-025. Please note that this bulletin provides a
cumulative update that replaces all previously released updates for
Internet Explorer, including those provided in MS04-004. However,
users who have applied hotfixes released after MS04-004 will need to
install MS04-025. Please see the FAQ section of Microsoft's advisory
for more details.
IE is not alone in being effected by these either. Any browser that uses Windows methode of handling HTML (rendering) could be effected by these.