Security Update, February 22, 2001
DownloadEnglish
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portugese (Brazilian)
Portugese
Russian
Spanish
Swedish
Turkish
|
Read This First
This update resolves the "Malformed vCard" security vulnerability in Outlook and Outlook Express. This vulnerability exists because the component in Outlook and Outlook Express that processes the vCard (virtual business card) has an unchecked buffer (a temporary data storage area without a string length limit). A malicious user can exploit this vulnerability by creating a vCard that contains specially malformed data, and sending it to another user. When the recipient opens the vCard, the data overruns the buffer. This causes the e-mail program to stop functioning until it is restarted. In a more serious case, a malicious user could exploit the unchecked buffer to run unauthorized on the other user's computer. Download now to ensure that your e-mail service processes vCards correctly.
For more information about this vulnerability, please read Microsoft Security Bulletin MS01-012.
System Requirements
This update applies to:
| • | Internet Explorer 5.01 Service Pack 1. |
| • | Internet Explorer 5.5 Service Pack 1. |
Note: Because this vulnerability exists in a component of Outlook Express, which ships as a part of Internet Explorer, the update version you download is dependent upon whether you have Internet Explorer 5.5 Service Pack 1 or Internet Explorer 5.01 Service Pack 1.
