Microsoft Patches IE, Outlook Flaws
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Patches IE, Outlook Flaws

Written By
Chris Gonsalves
Chris Gonsalves
Apr 23, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft Corp. issued patches Wednesday afternoon for a series of newly discovered vulnerabilities in Internet Explorer and Outlook Express.

Both patches are for vulnerabilities deemed critical, according to Microsofts official postings. Both could result in an attacker being able to execute arbitrary code on a users system, according to Microsft TechNet.

In the case of IE, the patch closes four new holes including: a buffer overrun vulnerability in URLMON.DLL; a vulnerability in IEs file upload control; a flaw in the way IE handles third-party file rendering; and a flaw in the way modal dialogs are treated by IE.

Of the four, the buffer overrun is the most troubling as it could allow an attacker to run code on a users system if the user were lured to an attackers Web site, officials said. The other vulnerabilities could also result in a compromise of the users machine either through a malicious Web site or through a specially crafted HTML e-mail message.

The Outlook Express vulnerability could allow an attacker to control a users machine through a MHTML (MIME Encapsulation of Aggregate HTML) URL, either on a Web site or embedded in an HTML e-mail, officials cautioned. The vulnerability exists in Outlook Express MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer.

“As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones,” Microsoft officials wrote.

Patches for the two critical vulnerabilities are available on the Microsoft site for Internet Explorer and Outlook Express.

Latest Microsoft News:Latest Security News:

For more Microsoft scoops, check out Ziff Davis Microsoft Watch.

Chris Gonsalves
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information