|
|
April 23, 2003
Microsoft Corp. issued patches Wednesday afternoon for a series of newly discovered vulnerabilities in Internet Explorer and Outlook Express.
Both patches are for vulnerabilities deemed critical, according to Microsoft's official postings. Both could result in an attacker being able to execute arbitrary code on a user's system, according to Microsft TechNet.
In the case of IE, the patch closes four new holes including: a buffer overrun vulnerability in URLMON.DLL; a vulnerability in IE's file upload control; a flaw in the way IE handles third-party file rendering; and a flaw in the way modal dialogs are treated by IE.
Of the four, the buffer overrun is the most troubling as it could allow an attacker to run code on a user's system if the user were lured to an attacker's Web site, officials said. The other vulnerabilities could also result in a compromise of the user's machine either through a malicious Web site or through a specially crafted HTML e-mail message.
The Outlook Express vulnerability could allow an attacker to control a user's machine through a MHTML (MIME Encapsulation of Aggregate HTML) URL, either on a Web site or embedded in an HTML e-mail, officials cautioned. The vulnerability exists in Outlook Express' MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer.
Source: eWeek
Patches:
Cumulative Patch for Internet Explorer (813489)
Cumulative Patch for Outlook Express (330994)
-->
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
