News

E-Mail-Borne Virus Danger Detected, Fixed

Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable application within an e-mail message and disguise it as a safe type of attachment. The unsafe executable could then be made to execute if the user opened the attachment.

A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML e-mail message to contain a malicious cabinet file, disguised as a file of an innocuous type -- such as .jpg, .gif, or .txt. If a user attempted to open this file, the operation would fail, but could leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.

The affected AcitveX control ships as part of Microsoft Internet Explorer 4 and 5. The patch is available at http://windowsupdate.microsoft.com.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

comments powered by Disqus
Most   Popular

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.