More flaws in Microsoft’s IE

Software security provider, GFI, has discovered a security flaw in Microsoft’s Internet Explorer application that allows macros to be executed automatically on a victim's machine.

  • E-Mail
By  Matthew Southwell Published  February 13, 2002

Software security provider, GFI, has discovered a security flaw in Microsoft’s Internet Explorer application that allows macros to be executed automatically on a victim's machine.

Such a flaw allows with IE allows a malicious user to run arbitrary code on a target machine as it attempts to view a website or an HTML email.

"It can be most dangerous to open an email which uses this exploit because it will run on any computer having Internet Explorer and Microsoft Access 2000, which forms part of MS Office. Our tests on this email threat showed that, in Outlook 2000, the embedded VBA code was executed automatically even within the high security and restricted zone," explains GFI security engineer, Sandro Gauci.

"Such an email that contains malicious code could do almost anything on the recipient's machine," she adds.

Having discovered the flaw GFI notified the Redmond giant who, with much practiced haste, issued an appropriate advisory – Microsoft security bulletin number MS02-005.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code