ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

IE and Outlook flaws reported

Dawn Kawamoto CNET News.com

Published: 07 Sep 2005 08:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security.

A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.

eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected.

Microsoft is unaware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.

The vulnerability is only the latest IE security flaw researchers have discovered since Microsoft released a cumulative update for the browser last month, Puterbaugh said. Other flaws reported in the past few weeks range from a vulnerability with version 6 of the browser on Windows XP with Service Pack 2 to an IE flaw involving the Microsoft DDS Library Shape Control file.

"I wouldn't be surprised to see Microsoft release another cumulative update for IE in the near future," Puterbaugh said.

While eEye has provided Microsoft details on the vulnerability it found, the security researcher does not provide the public with such details until after a vendor has developed a relevant patch or issued an advisory.

"Microsoft is aggressively investigating these reports," the software giant's representative said. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers."

Currently, eEye is readying 12 vulnerability advisories for publication after patches or workarounds are released by vendors. Of these, nine are related to Microsoft.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
54 out of 137 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:










Related Jobs

Technical Support Engineer Windows XP 2003, Microsoft Outlook, LANs, WANs, DNS,

Technical Support Engineer Windows XP 2003, Microsoft Outlook, LANs, WANs, DNS, - Lambeth - 2198 RM helps to push the boundaries of technology to ...

IT Technical Support Analyst, Windows XP, Vista, Office

IT Technical Support Analyst required with strong Windows XP/Vista and Microsoft Office experience to provide a temporary additional resource to ...

Learning Zone Developer

Alternatively, email: recruit@rcn.org.uk or telephone 020 7647 3549 to request an application pack, quoting reference CM0006/0807. For further ...

Featured Talkback

So if you upgrade to XP SP3 you can't uninstall Internet Explorer, I'm quite sure I'm having a Deja-vu feeling about MS preventing people from uninstalling Internet Explorer in other Windows products.

By: TheKLF99

Read full story:
Upgraders to XP SP3 warned over IE downgrades

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.