[ISN] Internet Explorer springs more leaks

InfoSec News isn at c4i.org
Wed May 18 03:11:38 EDT 2005


Tom Sanders in California
17 May 2005

Security researchers have reported a high-risk flaw in Microsoft's
Outlook and Internet Explorer.

The hole could allow malicious code to be executed with minimal user
interaction, according to security firm eEye Digital Security. The
company claims to have notified Microsoft about the flaw on 5 May.

A spokeswoman for Microsoft confirmed that the company has been
notified, and is investigating the issue.

"At this time, Microsoft is not aware of any malicious attacks
attempting to exploit the reported vulnerabilities, and there is no
customer impact based on this issue," she said.

The defect affects systems running Windows NT, 2000, XP and at least
some versions of Windows 2003.

EEye notified Microsoft about two other flaws in Internet Explorer and
Outlook on 16 March and 29 March, but the software giant has yet to
release a patch for the problems.

Microsoft usually releases patches on a monthly basis to allow systems
administrators to plan for the fixes, although an out-of-cycle patch
can be issued in emergencies.

More information about the ISN mailing list