« Back | Main | Doing something serious about SPAM »
February 16, 2004
First Windows code leak exploit
Three days after Microsoft acknowledged that Windows 2000 and Windows NT4.0 source code had been leaked to the Internet, the first exploit to use that source code was announced.
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
This just fans the flames for spam-funded miscreants to find Windows vulnerabilities and exploit them before someone else does.
Posted by pete at February 16, 2004 11:13 AM
Trackback Pings
TrackBack URL for this entry: