Microsoft Patches IE, Outlook Flaws
Both vulnerabilities, deemed critical, could allow an attacker to execute arbitrary code on a user's system.Microsoft Corp. issued patches Wednesday afternoon for a series of newly discovered vulnerabilities in Internet Explorer and Outlook Express. Both patches are for vulnerabilities deemed critical, according to Microsofts official postings. Both could result in an attacker being able to execute arbitrary code on a users system, according to Microsft TechNet. In the case of IE, the patch closes four new holes including: a buffer overrun vulnerability in URLMON.DLL; a vulnerability in IEs file upload control; a flaw in the way IE handles third-party file rendering; and a flaw in the way modal dialogs are treated by IE.
Of the four, the buffer overrun is the most troubling as it could allow an attacker to run code on a users system if the user were lured to an attackers Web site, officials said. The other vulnerabilities could also result in a compromise of the users machine either through a malicious Web site or through a specially crafted HTML e-mail message.
Latest Microsoft News:
Latest Security News: