Fallout from leaked source code begins

From Security Focus Bugtraq archives for today:

Quote:

---

A vulnerability was reported in Microsoft Internet Explorer (IE) version
5. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can create a specially crafted bitmap file that,
when loaded by IE, will trigger an integer overflow and execute arbitrary code.

The author states that this flaw was found by reviewing the recently leaked Microsoft
Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'

---

yeh i was reading this earlier...it doesnt affect IE6 though which is good. So thats the first compromise do to the source code leak...i wonder how much will follow. Expect quite a few patches coming out in the next couple weeks/months.

An IE5 exploit tested successfully on Win98....there may have been concern a few years ago :D

Quote:

---

Originally posted here by gpshewan
An IE5 exploit tested successfully on Win98....there may have been concern a few years ago :D

---

who knows what evils lerk in the depths of xp code...the shadow does

Quote:

---

who knows what evils lerk in the depths of xp code...

---

[sarcasm]

You aren't suggesting that XP has hidden exploits and hasn't been thoroughly tested before being released....are you?

Ohmegosh, and here's me thinking that the patches were for enhanced functionality!!!

I may have to look into this Linux thingy....

[/sarcasm]

;) :D

A proof-of-concept for a new IE exploit has been released. The person who found the problem used the relently leaked Windows source code to find this. You can see it here
It is a Bitmap file with a payload that can run code in IE.
A malicious bitmap. Wow!

*Threads merged*

I am glad I stopped using I.E a long time ago I have been using mozilla and don't have to really worry about those exploits.

Yepp, IE is no good... Opera pwnz. :thumbsup: ;)

Anyway, we can now think how many such exploits have already been found (and will be found) that won't be reported to authorities... Before it's too late. :/

I guess there not much to worry atleast from what I read in this article.....

The source code leak from Microsoft is not as serious as first feared, security experts have advised.
Early indications are that the code that has been published will be of limited use to hackers. The 658MB which has been posted online in a compressed file makes up less than two per cent of the total source code for Windows 2000 and NT.

Coplete article can be found here.......

LINK

Over here it was reported that the code was Windows 2000 SP1?

I would imagine that it would be NT4 SP6a with some add ons?

Most of it must be "fixes", so it would not take a genius to reverse engineer them and figure out the exploit?

Just a thought :)

Quote:

---

The 658MB which has been posted online in a compressed file makes up less than two per cent of the total source code for Windows 2000 and NT.

---

How large is the windows source code?...doing math!




hhmmmmm.



Adiz

I think that you would have to send c with this file to get this buffer to overflow say the dump value of umm 1000 bits atleast and a letter would probally be used, i think it's more a vunrability that can be exploited by an indervidual from a remote location rather than a web page. atchally no thinking about it thats tosh ignor you could easyily do it through a web site. O the joys of microsoft, but hey this is going to make it one hell of alot stronger in the future by not having to pay for people to find the flaws.

Quote:

---

Originally posted here by adiz
How large is the windows source code?...doing math!




hhmmmmm.



Adiz

---

can i just point out uncompressed it's 831 / 896 megs

has anyone of you ever thought that the source may had leaked on purpose?
just to find some new guys to jail in?