A security flaw in Internet Explorer (IE) and Access 2000 could allow macros to be executed automatically on a victim's machine.
The bug, which affects versions of IE from 5.01 to 6.0, allows a hacker to run arbitrary code on a target machine as it attempts to view a website or HTML email.
It can be exploited by embedding macro code such as VBA within an Access database file (.mdb) that in turn lies within an Outlook Express email file or Multipart HTML file (.mhtml). If this file is accessed using IE, the attachment can be automatically executed without triggering any warnings.
The flaw can be exploited through email by using an iframe tag in an HTML email or a window.open () command within a script tag. This allows IE to automatically access the exploit eml file.
Sandro Gauci, security engineer at GFI, the email software company that notified Microsoft of the bug, said: "It can be most dangerous to open an email which uses this exploit because it will run on any computer having IE and Access 2000.
"Our tests on this email threat showed that, in Outlook 2000, the embedded VBA code was executed automatically even within the High Security and Restricted Zone. Such an email that contains malicious code could do almost anything on the recipient's machine."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago