|
-
February 16th, 2004, 07:16 PM
#1
Fallout from leaked source code begins
From Security Focus Bugtraq archives for today:
A vulnerability was reported in Microsoft Internet Explorer (IE) version
5. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can create a specially crafted bitmap file that,
when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft
Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'
-
February 16th, 2004, 08:07 PM
#2
yeh i was reading this earlier...it doesnt affect IE6 though which is good. So thats the first compromise do to the source code leak...i wonder how much will follow. Expect quite a few patches coming out in the next couple weeks/months.
-
February 16th, 2004, 08:13 PM
#3
Junior Member
An IE5 exploit tested successfully on Win98....there may have been concern a few years ago 
-
February 16th, 2004, 08:39 PM
#4
Originally posted here by gpshewan
An IE5 exploit tested successfully on Win98....there may have been concern a few years ago
who knows what evils lerk in the depths of xp code...the shadow does
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
February 16th, 2004, 08:45 PM
#5
Junior Member
who knows what evils lerk in the depths of xp code...
[sarcasm]
You aren't suggesting that XP has hidden exploits and hasn't been thoroughly tested before being released....are you?
Ohmegosh, and here's me thinking that the patches were for enhanced functionality!!!
I may have to look into this Linux thingy....
[/sarcasm]
-
February 16th, 2004, 10:57 PM
#6
Member
IE Exploit Found Using Windows Source Code
A proof-of-concept for a new IE exploit has been released. The person who found the problem used the relently leaked Windows source code to find this. You can see it here
It is a Bitmap file with a payload that can run code in IE.
A malicious bitmap. Wow!
-
February 16th, 2004, 11:09 PM
#7
-
February 16th, 2004, 11:28 PM
#8
I am glad I stopped using I.E a long time ago I have been using mozilla and don't have to really worry about those exploits.
-
February 17th, 2004, 01:26 AM
#9
Yepp, IE is no good... Opera pwnz. 
Anyway, we can now think how many such exploits have already been found (and will be found) that won't be reported to authorities... Before it's too late. :/
Q: Why do computer scientists confuse Christmas and Halloween?
A: Because Oct 31 = Dec 25
-
February 17th, 2004, 06:17 AM
#10
Senior Member
I guess there not much to worry atleast from what I read in this article.....
The source code leak from Microsoft is not as serious as first feared, security experts have advised.
Early indications are that the code that has been published will be of limited use to hackers. The 658MB which has been posted online in a compressed file makes up less than two per cent of the total source code for Windows 2000 and NT.
Coplete article can be found here.......
LINK
****** Any man who knows all the answers most likely misunderstood the questions *****
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
