Microsoft has issued a patch for a vulnerability in its Outlook messaging software that could allow an attacker to use a message formatted in HTML to read files on a victim's machine.
In a security notice on the issue, online security advisory service CERT warned that the "Cache Bypass" vulnerability could be used in conjunction with other techniques to allow files, which could be Trojan Horse-style malicious code, to be placed on an unwary user's computer.
This is possible because the vulnerability allows attackers to use HTML-formatted messages to store files outside a cache where they are subject to more permissive security policies.
CERT said that the vulnerability is potentially damaging. "When exploited, this vulnerability allows an attacker to store an HTML file in an area that is not protected by the policies of the 'Internet Zone'. This file may then be used to open arbitrary files on [a] machine and send the contents back to the attacker."
However, other security experts were careful to downplay the seriousness of the flaw.
Matthew Pemble, an ex-military ethical hacker, and now senior information security specialist at IS integration, said: "This vulnerability would only allow you to read files whose default reader is Internet Explorer - such as HTML and text files. This is nowhere near as severe as the buffer overflow vulnerability that affected Outlook users last week."
"The latest vulnerability is academic until it is incorporated in a virus," he added.
Like the buffer overflow issue, the root cause of the latest problem is a component that is shared by both Outlook and Outlook Express. As a result, the vulnerability affects both products.
Microsoft has advised users to either install a patch, which it has made available online, or to upgrade to default versions of IE 5.01 Service Pack 1 or 5.5, on any system except Windows 2000.
Separately, Microsoft has issued a patch for the buffer overflow vulnerability allowing users to protect themselves without a full version upgrade. This vulnerability was severe because, left uncorrected, it could allow users to become infected with email viruses before they download email.
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert