CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

eEye : Flaw found in IE, Outlook installation !   Logged in as: Guest
Viewers: 717 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> eEye : Flaw found in IE, Outlook installation ! Page: [1]
Message << Older Topic   Newer Topic >>
eEye : Flaw found in IE, Outlook installation ! - 9/6/2005 7:09:59 PM   

Posts: 12103
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security.

A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.

eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected.

Microsoft is unaware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.

The vulnerability is only the latest IE security flaw researchers have discovered since Microsoft released a cumulative update for the browser last month, Puterbaugh said. Other flaws reported in the past few weeks range from a vulnerability with version 6 of the browser on Windows XP with Service Pack 2 to an IE flaw involving the Microsoft DDS Library Shape Control file.

"I wouldn't be surprised to see Microsoft release another cumulative update for IE in the near future," Puterbaugh said.

While eEye has provided Microsoft details on the vulnerability it found, the security researcher does not provide the public with such details until after a vendor has developed a relevant patch or issued an advisory.

"Microsoft is aggressively investigating these reports," the software giant's representative said. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers."

Currently, eEye is readying 12 vulnerability advisories for publication after patches or workarounds are released by vendors. Of these, nine are related to Microsoft.

Source : CNET News
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> eEye : Flaw found in IE, Outlook installation ! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI