Slashdot Mirror


Exploit Based On Leaked Windows Code Released

mischief writes "A post to Bugtraq from SecurityTracker.com reports an Internet Explorer 5 exploit that has been released based on the Win2K code leak: 'It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.' Only affects IE 5 apparently, but still - it didn't take long!"

23 of 952 comments

  1. so THAT'S why it was leaked by SlashDread · · Score: 5, Funny

    to fix it...

    "/Dread"

  2. Re:Open Source More Secure... maybe not by The+Unabageler · · Score: 5, Funny

    OTOH M$ should thank the code thieves for expediting their QA process :-)

    --
    perl -e '$_="\007/4`\cp%2,".chr(127);s/./"\"\\c$&\""/gees; print'
  3. No Problem by Jedi1USA · · Score: 5, Funny

    Microsoft just needs to get a copy of the leaked code and look it over for potential exploits.

    Oh wait. :^)

    --
    My old sig was REALLY stoopid.
  4. Well I got IE6 by superpulpsicle · · Score: 5, Funny

    So I should be all set for the next 2 days until the next major security flaw is found.

  5. Re:Funny comment by the bugtraq submitter by Anonymous Coward · · Score: 5, Funny

    This means that the exploit is so obvious that even a 14 year old can figure it out.

  6. Re:You thought Microsoft were tardy with by cgranade · · Score: 5, Funny

    And here I was thinking it was called Mozilla.

    --

    #define DRM chmod 000

  7. Re:You thought Microsoft were tardy with by Lifewish · · Score: 5, Funny

    Mine's called "Linux". Seems to fix a whole host of problems.

    --
    For the love of God, please learn to spell "ridiculous"!!!
  8. Re:Open Source More Secure... maybe not by 1010011010 · · Score: 5, Funny

    Finally, Microsoft's "Trustworthy Computing" exercise begins in earnest.

    Hehe

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  9. Re:What the fuck? by vontrotsky · · Score: 5, Funny

    I think it went more like

    1. load int from char array
    2. check int against sizeof(yourbuffer)
    3. user=root if greater

  10. Gone.. But Never Forgotten by halo8 · · Score: 5, Funny

    a specially crafted bitmap file

    Good thing all those Goatse pictures were in .jpeg .gif and .tiff

    --
    The More Knowledge you have the Luckier you Get- J.R. Ewing
  11. Re:What the fuck? by SlashDread · · Score: 5, Funny

    In the old days, when I was a young system admin, it was called "Monkey Testing".

    It went something like this:
    You position yourself behind a functional input screen, and start hammering viciously and blindly. The latter is important, the more blind the better, it invokes the Holy Random God. Repeat for 5 minutes. You repeat this for each input screen.
    If the screen showed anything similar to "ERROR: OTHER INPUT EXPECTED" it passed.
    If it showed anything similar to "OK, 98zxc3v4^DD^C^Z NEW CUSTOMERS ADDED" or failed to read at all due to overly blinkeyness or so, it failed.

    I understand MS needs more monkeys.

    "/Dread"

  12. occurrences of " Don't Care " in MS code by Anonymous Coward · · Score: 5, Funny

    I wanted to post this in the first MS leak story, but oh well, here it is now.

    $ grep -ir " don't care " /win2k/* | wc -l
    332

    check it yourself

  13. Re:I'll be first to say it by lacrymology.com · · Score: 5, Funny

    "We have an interesting 6 months ahead of us, folks."

    I can see the headlines now;

    "New exploit found in IE5"
    "Yet another exploit found in IE5"
    "Exploit found in Minesweeper"
    "Exploit found in Notepad"
    "Yet another exploit found in Minesweeper"
    "Yet another exploit found in Notepad"
    "New exploit found in IE5"
    "God damn! Another exploit found in Minesweeper"
    .
    .
    .
    "Exploit found in taskbar"
    "Exploit found in Times New Roman"
    "Exploit found in bootstrap"
    "Exploit found in Wingdings"
    "Exploit found in ...."

    Sounds pretty redundant and boring to me. ;)

    -m

    --

    #
    # Modus Ponens
    #
  14. Re:Get the source code from Freenet by Anonymous Coward · · Score: 5, Funny

    You bastard! That's my IP address!!!

  15. This reminds me of "The Ring" by MetaMarty · · Score: 5, Funny

    Did you hear about the image that kills your computer whenever you view it?

  16. Re:Text of advisory by grub · · Score: 5, Funny


    I doubt anyone would consider showing 10 lines or so of source code out of millions a copyright violation

    SCO does. :)

    --
    Trolling is a art,
  17. Re:off topic, but orthogonal kind of prompted this by orthogonal · · Score: 5, Funny

    By the way, does anyone know why the bitmap formap [sic] is writte [soc] upside down?

    It's an obscurity that provides extra security against exploits like buffer overflows. ;)

  18. Re:huh by tverbeek · · Score: 5, Funny
    a well-seasoned older programmer who has the social skills of a 13 year old?

    You say that as if it were unusual. ;)

    --
    http://alternatives.rzero.com/
  19. Re:Open Source More Secure... maybe not by OsCarJ · · Score: 5, Funny

    It's like seeing your sister naked. Ack!

    I don't know. I always thought your sister was pretty hot.

  20. Re: of been by Anonymous Coward · · Score: 5, Funny

    I wish that I would of thought have that.

    It could of been me that was modded insightful for of-ing no grammatical skills.

    Well, you know the old saying... birds have a feather, etc.

    Of a nice day! :)

  21. use it for change! by tau_ · · Score: 5, Funny

    So, where's the .bmp I can link to my web site that makes IE5 remotely execute Mozilla Firefox installer?

    --
    Ask a silly person, get a silly answer.
  22. Who Runs IE 5 anyway? by vwjeff · · Score: 5, Funny

    I mean really, who runs IE 5 anyway. I'm sure that most corporate network admins keep up with updating IE. Let me check on a random company machine...

    Help-About Internet Explorer-.....Never mind my previous comment.

  23. Re:Open Source More Secure... maybe not by 1010011010 · · Score: 5, Funny

    60% Funny
    20% Troll
    10% Insightful

    Welcome, Microsofties!

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.