Feeds

Guninski finds new ActiveX security hole in OXP

Outlook strikes again...

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Bug hunter extraordinary Georgi Guninski has posted a tetchy warning of a new security hole in Office XP. As Georgi says, "MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are."

In this case Office XP installs an ActiveX control called "Microsoft Outlook View Control." This exposes a property called "selection" which allows access to a user's email messages. It also, says Guninski, exposes the Outlook "Application" object, which could allow execution of arbitrary programs on the user's computer. This could allow an intruder to take full control of the user's computer.

Guninski says he alerted Microsoft to the problem on the 9th of July, and that he understands they're investigating it. In the meanwhile Office XP can visit his demo of the feature here, (it's quite cute) and then (says Georgi) uninstall Office XP and Windows. ®

Internet Security Threat Report 2014

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.