Fallout from leaked source code begins
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Fallout from leaked source code begins

  1. #1
    Senior Member
    Join Date
    Feb 2004
    Posts
    201

    Fallout from leaked source code begins

    From Security Focus Bugtraq archives for today:

    A vulnerability was reported in Microsoft Internet Explorer (IE) version
    5. A remote user can execute arbitrary code on the target system.

    It is reported that a remote user can create a specially crafted bitmap file that,
    when loaded by IE, will trigger an integer overflow and execute arbitrary code.

    The author states that this flaw was found by reviewing the recently leaked Microsoft
    Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'

  2. #2
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    yeh i was reading this earlier...it doesnt affect IE6 though which is good. So thats the first compromise do to the source code leak...i wonder how much will follow. Expect quite a few patches coming out in the next couple weeks/months.

  3. #3
    Junior Member
    Join Date
    Dec 2003
    Posts
    27
    An IE5 exploit tested successfully on Win98....there may have been concern a few years ago

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Originally posted here by gpshewan
    An IE5 exploit tested successfully on Win98....there may have been concern a few years ago
    who knows what evils lerk in the depths of xp code...the shadow does
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Junior Member
    Join Date
    Dec 2003
    Posts
    27
    who knows what evils lerk in the depths of xp code...
    [sarcasm]

    You aren't suggesting that XP has hidden exploits and hasn't been thoroughly tested before being released....are you?

    Ohmegosh, and here's me thinking that the patches were for enhanced functionality!!!

    I may have to look into this Linux thingy....

    [/sarcasm]


  6. #6

    IE Exploit Found Using Windows Source Code

    A proof-of-concept for a new IE exploit has been released. The person who found the problem used the relently leaked Windows source code to find this. You can see it here
    It is a Bitmap file with a payload that can run code in IE.
    A malicious bitmap. Wow!

  7. #7
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    *Threads merged*

  8. #8
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I am glad I stopped using I.E a long time ago I have been using mozilla and don't have to really worry about those exploits.

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Location
    Helsinki, Finland
    Posts
    570
    Yepp, IE is no good... Opera pwnz.

    Anyway, we can now think how many such exploits have already been found (and will be found) that won't be reported to authorities... Before it's too late. :/
    Q: Why do computer scientists confuse Christmas and Halloween?
    A: Because Oct 31 = Dec 25

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    159
    I guess there not much to worry atleast from what I read in this article.....

    The source code leak from Microsoft is not as serious as first feared, security experts have advised.
    Early indications are that the code that has been published will be of limited use to hackers. The 658MB which has been posted online in a compressed file makes up less than two per cent of the total source code for Windows 2000 and NT.

    Coplete article can be found here.......

    LINK
    ****** Any man who knows all the answers most likely misunderstood the questions *****

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •