posted on Monday, February 16, 2004 11:38 PM
by
demiliani
First exploit based around Windows code leak
No good... I've just read on Slashdot that the first virus released based on exploits found by reviewing the recently leaked Microsoft Windows source code has been released. Slashdot says that:
"A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system. It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'. The report indicates that IE 5 is affected but that IE 6 is not affected."
More detailed information on this virus and how it exploits Internet Explorer 5 can be found on the Security Tracker website. Now the question is if Microsoft will decide to fix this bug or not (expecially because IE 5 is not so recent). This is the first bug caused by a review of the leaked code... will be the beginning???