Critical Flaws in Mac Versions of IE, Office Patched
- By Scott Bekker
- April 18, 2002
Enterprises using Mac clients with Microsoft desktop software got a major new patch tossed their way this week. Microsoft released a cumulative patch for its Apple products that also fixes two critical new security vulnerabilities.
Affected products are Macintosh versions of Internet Explorer 5.1, Outlook Express 5.0, Office v. X, Office 2001 and PowerPoint 98.
Both of the critical new vulnerabilities can allow an attacker to execute code. One is a buffer overrun related to the handling of an HTML element -- a flaw affecting IE and Office. By exploiting it, an attacker can cause code of his choice to run as if it had been run by the user.
The second vulnerability can allow local AppleScripts to be invoked by a Web page. Locally stored AppleScripts can be invoked as if they had been launched by the user.
The cumulative patch is available at www.microsoft.com/technet/security/bulletin/ms02-019.asp.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.