IoT
News
News
4/26/2002
10:29 AM
50%
50%

Microsoft Patches Outlook Flaw

The vulnerability exists because of potential conflicting security settings in Word and Internet Explorer, Microsoft says.

Microsoft has issued a patch for a security flaw that affects users of Microsoft Outlook 2000 and 2002. If Microsoft Word is used as the E-mail editor, a condition could exist that would allow an attacker to run potentially malicious software on the user's system.

The vulnerability exists because of potentially conflicting security settings in Word and Internet Explorer, Microsoft says. When displaying an HTML E-mail in Outlook, the security settings of Explorer are applied, which won't allow scripts to run. However, when forwarding or replying to such documents and Word is the E-mail editor, scripts aren't blocked, the company says.

An attacker could exploit this vulnerability by sending a malformed HTML E-mail containing a script to an Outlook user who's using Word as the E-mail editor. If the user replies to or forwards the E-mail, the script would then run, according to the security bulletin.

More information and a patch that remedies the security hole can be found on Microsoft's Web site.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
How to Knock Down Barriers to Effective Risk Management
Risk management today is a hodgepodge of systems, siloed approaches, and poor data collection practices. That isn't how it should be.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.