A new set of highly critical flaws has been discovered in Microsoft’s Internet Explorer and Outlook programs, according to research company eEye Digital Security.
The vulnerabilities allow for remote code execution with no actions from the computer user, eEye said. Although the flaws would not allow self-propagating worms to infiltrate a system, there is the potential of attackers installing backdoor Trojans without a person’s knowledge, Ben Nagy, an eEye senior security engineer, said Friday.
“If a user is tricked (into going) to a site carrying malicious code, they can become infected by just surfing across a banner ad,” Nagy said.
eEye notified Microsoft several days ago of the flaws in the default installation of Outlook and IE and is giving the software giant time to develop a patch before releasing details on which versions of the software are affected, Nagy said.
Source: c|net

Articles RSS