× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: ** Security Flaw Found With Outlook VCards
  • From: Chuck Lewis <clewis@xxxxxxxxxx>
  • Date: Mon, 26 Feb 2001 09:52:21 -0500

Hi Folks,

The following comes from Information Week today.

Chuck

** Security Flaw Found With Outlook VCards

Security consulting and research firm @Stake Inc. has discovered
a security flaw within Microsoft's Outlook and Outlook Express
E-mail applications. The vulnerability concerns the use of
Outlook's vCards, or virtual business cards, which can fall
victim to a buffer overflow attack or contain code that can
attack a user's system.

VCards can be created with malicious code that can either cause
Outlook to crash, or even allow the E-mail application to run
damaging code on a victim's system. In Microsoft Security
Bulletin MS01-012, posted Thursday, Microsoft admitted that the
flaw is potentially devastating. "In the more serious case, the
attacker could cause the mail client to run code of her choice on
the user's machine. Such code could take any desired action,
limited only by the permissions of the recipient on the machine,"
the bulletin states. This means that if a user opens the
malicious vCard, virtually anything can happen, including
reforming the disk drive or adding or deleting files.

Ollie Whitehouse, security architect manager for @stake, says he
discovered the flaw late last year and worked with Microsoft
testing the patch. Whitehouse says users who install the patch
will be protected, but warns that users should "always be
intelligent about what they're downloading. Even seemingly benign
attachments can be malicious."

The flaw is serious enough that Microsoft recommends all Outlook
users update their browser with the security patch. Since the
flawed software component ships with Internet Explorer, users are
recommended to download the Internet Explorer patch at
 http://update.informationweek.com/cgi-bin4/flo?y=eChQ0Bca2V0V20Dj1N
- George V. Hulme

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.