A security flaw found in several of the most widely used e-mail programs (Microsoft Outlook Express, Microsoft Outlook 98, and Netscape Mail) could allow malicious persons to send a virus to computers running those programs. Such a virus could destroy or steal data and could cause those computers to crash.

The flaw, which is known as a buffer overflow error, occurs when a program fails to check the length of a character string before storing it. A string too large to fit into its allotted memory location then spills into adjacent memory, which can lock up the program or fool the computer into running the attacker's code in its place. Whereas newer languages such as Java have built-in safeguards to prevent this kind of programmer error, older languages such as C and C++ do not. Computer security specialist Steven Bellovin says, "C makes it too easy to slice your fingers off, and programmers all over the world are doing so with great regularity."
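The missing length check described above, next to a checked version, as an added example in C (not code from any of the mail programs named in this article). `FIELD_MAX`, the function names and the test values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the fixed buffer for one text field */

/* Unchecked: strcpy() copies until the NUL terminator, so a value longer
 * than FIELD_MAX - 1 bytes is written past the end of dst. */
void store_field_unchecked(char dst[FIELD_MAX], const char *value)
{
    strcpy(dst, value);
}

/* Checked: measure the input against the buffer first and refuse anything
 * that does not fit. Returns 0 on success, -1 on rejection (dst left empty). */
int store_field_checked(char dst[FIELD_MAX], const char *value)
{
    size_t len = 0;

    dst[0] = '\0';
    if (value == NULL)
        return -1;
    while (len < FIELD_MAX && value[len] != '\0')  /* never scan past the limit */
        len++;
    if (len == FIELD_MAX)                          /* no room for the terminator */
        return -1;
    memcpy(dst, value, len + 1);                   /* len + 1 <= FIELD_MAX */
    return 0;
}

/* Constructed input: a value of n 'A' bytes stored into a 64-byte field that
 * is followed by a guard word. Returns the checked function's result, or -2
 * if the guard was disturbed or the stored text has the wrong length. */
int try_length(size_t n)
{
    struct { char field[FIELD_MAX]; unsigned guard; } rec;
    char value[1024];
    int rc;

    if (n >= sizeof value)
        return -2;
    memset(value, 'A', n);
    value[n] = '\0';
    rec.guard = 0xC0FFEEu;
    rc = store_field_checked(rec.field, value);
    if (rec.guard != 0xC0FFEEu || (rc == 0 && strlen(rec.field) != n))
        return -2;
    return rc;
}
```

The boundary is the case to watch: a 63-byte value fits with its terminator, while a 64-byte value must be rejected.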

Microsoft has offered a fix for the problem, or at least part of it. Apparently a second problem has recently been found, and Microsoft is continuing to work on it. These problems only affect versions of Outlook Express 4.01 with a build number of less than 297. The build number can be found in the About window.

The current patch can be found at the following URL. The future patch that will solve the new problem will also be posted on this page. Microsoft recommends that users who have version 4.0 of Outlook Express download version 4.01.

http://www.microsoft.com/ie/security/?/ie/security/oelong.htm