A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security.
A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.
eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected.
Microsoft is unaware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.
"I wouldn't be surprised to see Microsoft release another cumulative update for IE in the near future," Puterbaugh said.
While eEye has provided Microsoft details on the vulnerability it found, the security researcher does not provide the public with such details until after a vendor has developed a relevant patch or issued an advisory.
"Microsoft is aggressively investigating these reports," the software giant's representative said. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers."
Currently, eEye is readying 12 vulnerability advisories for publication after patches or workarounds are released by vendors. Of these, nine are related to Microsoft.
So does this mean an attacker needs to wait for you to Install IE, OE, or Outlook to gain control? I suppose someone could stand behind my desk with wireless laptop waiting for me to install these apps and gain control! This isn't even news...
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
