Microsoft Products Leave Macs Vulnerable
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Products Leave Macs Vulnerable

Written By
Dennis Fisher
Dennis Fisher
Apr 16, 2002
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

There is a security vulnerability in several Microsoft Corp. products that run on the Macintosh platform that researchers say could be fertile ground for the development of a worm.

The flaw is a buffer overflow associated with the way that the applications handle a lengthy subdirectory in a particular file. It affects Internet Explorer 5.1 on the Mac OS 8, 9 and X; Outlook Express 5.0.2; Entourage 2001 and X; PowerPoint 98, 2001 and X; Excel 2001 and X; and Word 2001.

If an Outlook Express or Entourage user opened an e-mail message containing the exploit code, his machine would be compromised; in Internet Explorer, the user would need to click on a link in order for the attack to work, said Matt Conover, a member of w00w00 Security Development, which issued an advisory late Monday about the flaw.

After the exploit code is resident on a machine, it could download from the Web a program of the attackers choice, which in turn could do any number of things, including deleting files.

“The worm potential comes from the exploit reading off the contact list and sending itself to all the contacts,” Conover said. “This is even easier to exploit than ILOVEYOU because users had to open an attachment for that. Here a victim only needs to attempt to read the e-mail.”

The vulnerability was first discovered by researchers with Angry Packet Security, who reported it to Microsoft in January. The company failed to respond to the advisory, so the researchers, along with members of w00w00 Security Development planned to release their information on Feb. 17.

Once Microsoft officials saw the scope of the problem, they asked for more time to develop patches and w00w00 delayed its advisory until now.

Conover said that writing shell code to exploit the vulnerability is a simple task and that it may not be long before someone attaches such code to a worm.

“This is another vulnerability with potentially far-reaching consequences. In the case of Entourage, it has the potential for a worm, with the magnitude depending on how many people actually use Entourage,” he wrote in w00w00s advisory.

Entourage replaced Outlook for Mac in the new Office v. X suite.

Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information