August 2006: The IE patch that created a new buffer overflow hole in IE
Let's hear it for MS06-042, the cumulative security update for Internet Explorer that not only caused IE to crash but also introduced a security hole of its very own.
In late August, Microsoft owned up to some of the problems in KB 923762: the part where IE 6 crashes while looking at a valid website. Solution? Install the latest, greatest version of MS06-042.
Then in September, Microsoft had to reissue the patch again to "address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow -- CVE-2006-3873."
KB 918899 lists 15 separately identified problems with this patch, from crashes to freezes to inexplicable behavior.