Microsoft fixes two flaws in Office and Outlook

The vulnerabilities are still critical. They can be used to divert mail circulating on a poorly protected network.
After a gargantuan Patch Day in April (25 flaws corrected), Microsoft's May security bulletin is rather small, with only two vulnerabilities to sink one's teeth into.
Two Windows applications are affected: Outlook Express (along with Windows Mail and Live Mail) and Office.
Regarding Outlook, the patch resolves a privately reported vulnerability that could allow remote code execution if a user visited a malicious mail server. An attacker who successfully exploited this vulnerability could gain the same rights as the user and thus divert messages transmitted over a poorly protected network.
Impacted Software: Microsoft Outlook Express 5.5 and 6, Microsoft Windows Mail and Windows Live Mail.
On the Office side, the patch fixes a privately reported vulnerability in Microsoft Visual Basic for Applications. This vulnerability could allow remote code execution if a host application opened a specially crafted file and passed it to the Visual Basic for Applications runtime.
If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, modify or delete data or create new accounts with full privileges.
Impacted Software: Microsoft Office XP, 2003 and 2007 and Microsoft Visual Basic for Applications.

Re: Microsoft fixes two flaws in Office and Outlook

Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213). The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. More information here.