AOH :: ISN-1370.HTM

eEye spots another gaping hole in Outlook and Explorer

eEye spots another gaping hole in Outlook and Explorer
eEye spots another gaping hole in Outlook and Explorer 

By Matthew Broersma
07 September 2005

Microsoft says it is investigating a new high-risk security flaw
affecting Outlook and Internet Explorer, adding to the growing number
of serious bugs that have been reported to the vendor but remain

eEye Digital Security disclosed the new bug, a buffer-overflow flaw
potentially allowing attackers to execute malicious code on a system,
last week. The bug affects default installations of Outlook, Outlook
Express and Internet Explorer on Windows 2000 and Windows XP with
Service Pack 1 installed, although eEye said additional versions of
Windows may also be affected.

Microsoft said it is investigating the problem, and may issue a fix in
the future. The company said it isn't aware of any exploits using the

In order to minimise the danger from unpatched bugs, eEye doesn't
disclose more than the bare minimum of information on a flaw until it
has been patched or the vendor has tested a workaround. However, the
number of unpatched high-risk flaws eEye and other vendors have
reported to Microsoft products is substantial, with some dating back
several months.

Security researchers usually urge vendors to patch flaws within a few
weeks of the initial report, arguing that bugs can be detected by
potential attackers just as easily as by legitimate researchers.

eEye alone says it has nine bug reports awaiting patches from
Microsoft, the oldest of which dates from the end of March. Most are
high-risk, affecting software such as Internet Explorer, Outlook and
system-level software.

Software from Macromedia and RealNetworks also has a total of three
unpatched, high-risk flaws, according to eEye.

Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California 

Site design & layout copyright © 1986-2015 CodeGods