Microsoft Patches IE, Outlook Flaws | eWeek

Microsoft Patches IE, Outlook Flaws

Verfasst von
Chris Gonsalves
Chris Gonsalves
Apr 23, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Microsoft Corp. issued patches Wednesday afternoon for a series of newly discovered vulnerabilities in Internet Explorer and Outlook Express.

Both patches are for vulnerabilities deemed critical, according to Microsofts official postings. Both could result in an attacker being able to execute arbitrary code on a users system, according to Microsft TechNet.

In the case of IE, the patch closes four new holes including: a buffer overrun vulnerability in URLMON.DLL; a vulnerability in IEs file upload control; a flaw in the way IE handles third-party file rendering; and a flaw in the way modal dialogs are treated by IE.

Of the four, the buffer overrun is the most troubling as it could allow an attacker to run code on a users system if the user were lured to an attackers Web site, officials said. The other vulnerabilities could also result in a compromise of the users machine either through a malicious Web site or through a specially crafted HTML e-mail message.

The Outlook Express vulnerability could allow an attacker to control a users machine through a MHTML (MIME Encapsulation of Aggregate HTML) URL, either on a Web site or embedded in an HTML e-mail, officials cautioned. The vulnerability exists in Outlook Express MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer.

“As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones,” Microsoft officials wrote.

Patches for the two critical vulnerabilities are available on the Microsoft site for Internet Explorer and Outlook Express.

Latest Microsoft News:Latest Security News:

For more Microsoft scoops, check out Ziff Davis Microsoft Watch.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.