Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Security Advisory MS01-012 (Outlook)

Microsoft Security Advisory MS01-012 (Outlook)

by Phiber on February 25th, 2001 Outlook Express provides several components that are used both by it and Outlook, if Outlook is installed on the machine. One such component, used to process vCards, contains an unchecked buffer...


By creating a vCard and editing it to contain specially chosen data,
then sending it to another user, an attacker could cause either of
two effects to occur if the recipient opened it. In the less serious
case, the attacker could cause the mail client to fail. If this
happened, the recipient could resume normal operation by restarting
the mail client and deleting the offending mail. In the more serious
case, the attacker could cause the mail client to run code of her
choice on the user's machine. Such code could take any desired
action, limited only by the permissions of the recipient on the
machine.



Because the component that contains the flaw ships as part of OE,
which itself ships as part of IE, the patch is specified in terms of
the version of IE rather than OE or Outlook.



Patch is available.



The entire advisory.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »