Codebase.gen is a piece of code included in the body of an email message or a web page in order to exploit two vulnerabilities in the browser Internet Explorer. Affected software is Internet Explorer v4.0 or later, and programs that use this browser internally to perform some operations, such as Outlook and Outlook Express. Exploited vulnerabilities are Browser Cache Script Execution in My Computer Zone and Object Tag. They allow an attacking user to run arbitrary code on the affected computer without the user's permission when accessing a malicious web site or opening a specially crafted email message in HTML format. The arbitrary code is usually embedded in the web site or the received email message, and could be of any nature: viruses, worms, Trojans, backdoors, etc. Aug. 27, 2004: Computers can also be affected by Codebase.gen during the installation of a skin for Winamp v3.0 or later: as part of the installation process, an HTML file is executed. If this file would contain the code of Codebase.gen, then it would be possible to execute any type of file without users consent. So installing a Winamp skin could compromise computer security. If your computer has Internet Explorer v4.0 or later installed, it is highly recommendable to download the security patch from Microsoft's website. Click here to access the web page for further information and downloading the patch. |