“Users running Windows 95, 98, 2000, or NT 4.0 are
vulnerable to a total compromise when they preview or read an
infected e-mail, without having to open an attachment.”
“The System Administration, Networking, and Security (SANS)
Institute on Monday identified what it called “probably the most
dangerous programming error” found in workstations running Windows
95, 98, 2000, and NT 4.0.”
“A security alert issued by the cooperative research and
education group states that users running any of the affected
operating systems are vulnerable to a total compromise when they
preview or read an infected e-mail — without having to open an
attachment. They’re also vulnerable if they have Microsoft Access
97 or 2000, or if they run any mail reader, like Outlook or Eudora,
that uses Internet Explorer (4.0 and higher) to render HTML
documents.”
“According to the SANS advisory, a hacker could get into
Microsoft Access using ActiveX controls without the victim knowing
that it’s happening. “This is a very serious problem,” said
Forrester Research (stock: FORR) analyst Frank Prince. “Anyone with
Visual Basic knowledge could potentially send an e-mail — that
doesn’t have to be opened — and give the hacker complete access to
the user’s system.””