A flawed ActiveX control makes computers running Internet Explorer Version 5.0 or Microsoft Office 2000 vulnerable to virus infections on most e-mail systems even if users don't open infected attachments, according to a computer security think tank.
Bethesda, Md.-based SANS Institute revealed yesterday that default security settings on Explorer permit users to receive viruses and spread them by viewing or previewing malicious e-mail without actually opening an attachment or visiting a malicious Web site.
The security hole is created by a flaw in an Explorer ActiveX control called scriptlet.typelib. While the hole can be closed in minutes using tools available on Microsoft's security site, simply updating antivirus tools isn't an effective solution, according to SANS.
"This is by far the fastest growing virus distribution program and ripe for a hugely destructive event — at least as large as the 'I Love You' virus," warned SANS in a bulletin issued in its recent newsletter.
The correction script may be run directly from a page on Microsoft's Web site.
Related links:
For more security coverage, visit our Security Watchpage.
- Have opinions on security issues? Head to the forums. (Note: Registration required to post message; anyone may read messages. To register on Computerworld'sforums, click here).