A veteran bug hunter has detected a security hole in Microsoft's Internet Explorer 5.5, Outlook and Outlook Express.
Georgi Guninski of Bulgaria published his "high risk" advisory of the exploit Wednesday, warning of a security vulnerability in which a malicious person could read files and URLs after enticing someone to view a Web page or read an HTML message that the malicious person created.
"It's definitely a high risk," said Elias Levy, chief technology officer for SecurityFocus.com. "We assume that the only thing people can do is read files--that's pretty damaging in and of itself, but at least for now people aren't able to write or execute programs through your machine. They can only read files from your machine or read Web pages."
Levy added that a hacker could also get into someone's computer system by delivering an email of a Web page to someone who uses Outlook or Outlook Express.
Levy said that the problem appears to be in the code that bridges Internet Explorer and Java via the object tag.
The object tag is a way to run plug-ins, Java applets or other external programs within a browser.
Microsoft's Security Response Center said it is investigating the reported vulnerability, which the company was notified about Saturday.
"We are thoroughly investigating (the vulnerability) just like we do with all these," a Microsoft representative said. "We're very committed to keeping our customers' information safe. As soon as we have more information, we'll be sure to get that out to our customers."
Early this month, Guninski circulated another advisory that warned people using Microsoft's Internet Explorer 5.5 of a security hole that could let a hacker enter their computers and tinker with files.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
AstrologyDating.com is a new site that tries to find you your perfect love on the basis of birth date, birth time, and birthplace. But will it tell you the truth? Well, it asks you to pay only per match. So I tried it.
The Web fulminates when it is revealed that executives from VEVO--vehement music industry antipirates--played a pirated stream of an NFL playoff game at a party. VEVO claims it left its Wi-Fi unsupervised. Have we heard that argument before?
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
iPhones and Angry Birds aside, the arcade endures. Crave pays a visit--and offers up an homage to games and gamers of years past and a tribute to the possibly endangered, but not yet dead, atmosphere of the arcade itself.
Join the conversation