[TheGuide Logo]

Search

Forum

Home

Feedback

Credits

About Raj

The Bug with a free will! it does not need you either

Juan Carlos Garcia Cuartango discovered the "Active setup control security loophole" in Microsoft Outlook and Outlook Express that can deliver your machine into malicious hands.

It downloads and saves an e-mail borne attachment without user intervention or knowledge. Once free to roam your hard drive, the attachment can access or delete files at will! This means it is worse as compared to the Bubbleboy Virus.

As  mentioned in the Bubbleboy article that the general trend is to think that "that unless you open an attachment and save it to the disk you are safe" will not work anymore!

The hacker could create an HTML message with an unseemly harmless ".cab" file which is a trap. You wont need to save the file to disk but merely opening it will execute a code embedded in the mail. A ".cab" file is essentially a Microsoft file format used for transportation and storage of application code.

While Microsoft has not spotted any exploits yet to this new bug, users should disable the active scripting in Outlook express as a precautionary measure.

There is a Patch available that you could use if you are using IE 4.01 and above. You could use a patch to protect yourself.

This patch is available at:
http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm

Run this program from the site and reboot your computer.



Copyright © 1999 Dr. Raj Mehta. All rights reserved.