Although the flaws would not allow self-propagating worms to infiltrate a system, there is the potential of attackers installing backdoor Trojans without a person's knowledge, Ben Nagy, an eEye senior security engineer, said on Friday.
"If a user is tricked (into going) to a site carrying malicious code, they can become infected by just surfing across a banner ad," Nagy
notified Microsoft several days ago of the flaws in the default installation of Outlook and IE and is giving the software giant time to develop a patch before releasing details on which versions of the software are affected, Nagy
For now, only a few details are included in eEye's page of upcoming advisories.Nagy
added that eEye
is also still conducting its own testing of various platforms to evaluate which ones are affected and to what degree.
No exploits are known to have been developed yet, Nagy
has acknowledged a vulnerability does exist and is real, but I doubt they will release a patch out of [their monthly] cycle," Nagy