- Recommend:
- 0 Comments
Microsoft Patches Outlook Security Hole
Flaw in e-mail editing feature could allow malicious script to be run on a PC.
A security vulnerability that could affect users of Microsoft's Outlook 2000 and 2002 e-mail clients who use the company's Word application as an e-mail editor has been patched, according to an advisory from Microsoft.
The vulnerability results from different security settings in the two applications used when an e-mail is being read and when it is being written, Microsoft says.
When an e-mail is displayed in Outlook, the program uses the security settings of Internet Explorer, often configured to disallow the execution of scripts. But when the e-mail is replied to or forwarded using Microsoft Word as the application to write the e-mail, Word's security settings are used, which allow scripts to be run, the company says.
Possible Problems
If an attacker were to send an HTML e-mail containing a script to a user who had their PC configured this way, then any code of the attacker's choice could be run on the target PC if the user replied to or forwarded the e-mail, says Microsoft, based in Redmond, Washington.
Users who have applied Office XP Service Pack 1 are protected against this hole, the company says.
This issue was also the subject of a recent vulnerability announcement by independent security researcher Georgi Guninski.
More information about the flaw and the patch to fix it are available on Microsoft's Web site.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
-
Microsoft's Fix for Outlook's 'General Failure' Error for E-Mail Links
-
Free Outlook Add-In PocketKnife Peek Reveals Hidden Info
-
Add a Tabbed E-Mail View to Microsoft Outlook
-
eM Client: Affordable Alternative to Microsoft Outlook
-
Thunderbird Tip: Make E-Mail Replies Start at the Top
-
Help Solve the Outlook 'General Failure' E-Mail Error
-
Microsoft Email Programs Explained
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
Liberties Groups Rap Google's Skirting of Safari's Privacy Protections
-
Google's Safari Tracking Debacle: Reality Check
-
Adobe Confirms New Zero-day Flash Bug
-
15 Smartphone Games to Play for Free in Your Browser
-
Mozilla Patches Critical Firefox Bug
-
Pre-rendered Pages Highlight Latest Google Chrome Release
-
Five Tips to Make Your Facebook Timeline Amazing
-
Google to Pay Users to Track Their Movements Online
-
Adobe Sets IE as Next Target in Flash Security Work
-
Chrome Comes to Android, But Only For the 1 Percent
-
Adobe Launches Sandboxed Flash Player for Firefox, Hopes for Fewer Exploits
-
Google Privacy Issues Let Microsoft Tout IE9's Safeguards
Ad Choices