Microsoft Releases Outlook Patch
- By Scott Bekker
- February 23, 2001
Microsoft released a patch that remedies a security
vulnerability in Outlook and Outlook Express. The vulnerability exists because
the component in Outlook and Outlook Express that processes the virtual
business card (vCard) has an unchecked buffer.
A malicious user could exploit this vulnerability by
creating a vCard that contains specially malformed data and sending it to
another user. When the recipient opens the vCard, the data overruns the buffer.
This causes the e-mail program to stop functioning until it is restarted. In a
more serious potential case, a malicious user could exploit the unchecked buffer
to run unauthorized on the other user’s computer.
The patch is available on Microsoft’s Web site. It applies
to Internet Explorer 5.01 Service Pack 1 and Internet Explorer 5.5 Service Pack
1. – Isaac Slepner
Scott Bekker is editor in chief of Redmond Channel Partner magazine.