Effects
CodeBase.A is a piece of code included in the body of an e-mail message or a web page in order to exploit two vulnerabilities in the browser Internet Explorer. Affected software is Internet Explorer v4.0 or later, and programs that use this browser internally to perform some operations, such as Outlook and Outlook Express.
The first vulnerability is known as Browser Cache Script Execution in My Computer Zone. This vulnerability allows to run arbitrary code in My Computer zone without the user's permission when accessing a malicious web site or opening specially crafted email messages in HTML format.
The arbitrary code is usually embedded in the web site or the received email message, and could be of any nature: viruses, worms, Trojans, backdoors, etc. Additionally, this vulnerability could also allow an attacker to browse the files on the affected computer or to run an executable file already present on it. However, the attacking user would not be able to pass any parameters to the executable file.
The second vulnerability is known as Object Tag. It allows an attacking user to run arbitrary code on the affected computer, with the same user rights as the logged-on user.
Both vulnerabilities are exploited including CodeBase in malicious web pages or embedding it in the body of an specially crafted email message, which is then mass-mailed. The computer is affected when the user accesses the web page or opens the email message.
If your computer has Internet Explorer v4.0 or later installed, it is highly recommendable to download the security patch from Microsoft's website. Click here to access the web page for further information and downloading the patch.