
New high-risk security flaw in Outlook and Explorer

by Nikola Strahija on September 8th, 2005

Microsoft is currently investigating a new high-risk security flaw affecting Outlook and Internet Explorer, adding to the growing number of serious bugs that have been reported to the vendor but remain unfixed.


Last week, eEye Digital Security disclosed the new bug, a buffer-overflow flaw potentially allowing attackers to execute malicious code on a system. The bug affects default installations of Outlook, Outlook Express and Internet Explorer on Windows 2000 and Windows XP with Service Pack 1 installed, although eEye said additional versions of Windows may also be affected.

In order to minimise the danger from unpatched bugs, eEye doesn't disclose more than the bare minimum of information on a flaw until it has been patched or the vendor has tested a workaround. However, the number of unpatched high-risk flaws that eEye and other vendors have reported in Microsoft products is substantial, with some dating back several months.

Security researchers usually urge vendors to patch flaws within a few weeks of the initial report, arguing that bugs can be detected by potential attackers just as easily as by legitimate researchers.

eEye alone says it has nine bug reports awaiting patches from Microsoft, the oldest of which dates from the end of March. Most are high-risk, affecting software such as Internet Explorer, Outlook and system-level software.

