Bug threatens Outlook users

A flaw in Microsoft's Outlook Express has left users vulnerable to malicious attacks. The flaw is in a component of the email software which processes virtual business cards, or vcards.

By Graham Hayday, 23 February 2001 14:10

NEWS An attacker can exploit this weakness to 'hide' damaging code in a vcard. The user's mail client could be made to crash, or, more seriously, the attacker could cause the mail client to run code on the user's machine. According to Microsoft, such code could take any desired action, limited only by the permissions of the recipient on the machine. However, the vcard needs to be opened for these effects to occur, and there is no means by which one could be made to open automatically. The flaw effects Outlook 97, Outlook 2000, Outlook Express 5.01, and Outlook Express 5.5. Microsoft is advising users to download a patch - see http://www.microsoft.com/technet/security/bulletin/ms01-012.asp .

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ