BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

IE and Outlook flaws reported

Tags:
Outlook,
Buffer Overflow,
Hole,
Internet Explorer

Dawn Kawamoto CNET News

Published: 07 Sep 2005 08:00 BST

A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security.

A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.

eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected.

Microsoft is unaware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.

The vulnerability is only the latest IE security flaw researchers have discovered since Microsoft released a cumulative update for the browser last month, Puterbaugh said. Other flaws reported in the past few weeks range from a vulnerability with version 6 of the browser on Windows XP with Service Pack 2 to an IE flaw involving the Microsoft DDS Library Shape Control file.

"I wouldn't be surprised to see Microsoft release another cumulative update for IE in the near future," Puterbaugh said.

While eEye has provided Microsoft details on the vulnerability it found, the security researcher does not provide the public with such details until after a vendor has developed a relevant patch or issued an advisory.

"Microsoft is aggressively investigating these reports," the software giant's representative said. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers."

Currently, eEye is readying 12 vulnerability advisories for publication after patches or workarounds are released by vendors. Of these, nine are related to Microsoft.

Did you find this article useful?
55 out of 139 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft
Flaw
Internet Explorer
Outlook

eEye
security, lack thereof
Hole
Buffer overflow

Related Jobs

Radia Specialist

Security Cleared Desktop Support Engineer - ASAP - Salisbury

Security Solutions Specialist

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner