Exploit Based On Leaked Windows Code Released

mischief writes "A post to Bugtraq from SecurityTracker.com reports an Internet Explorer 5 exploit that has been released based on the Win2K code leak: 'It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.' Only affects IE 5 apparently, but still - it didn't take long!"

oh snap

im masturbating!

fp

i got first post and you didn't

Re:fp

No you didn't, fag.

Why don't you take the time to think out a somewhat intelligent reply?

Re:fp

WRONG, DOUCHEBAG! I WIN!

Put that in your pipe and smoke it, cock gobbler!

fp?

fp?

Re:Funny comment by the bugtraq submitter

[LocoSpitz]

Don't mod parent down. Pointing out text found in the article's link is not trolling, and it is not flamebait.

Re:Leaked Source Code . . .

I think it's whack... but I'm not sure.

Re:Dear Mr. Gayer Than Aids

[Satan+Dumpling]

How bout if the virus changes your homepage to hotgaymen.com? Then it's probably gay. :)

Re:Gone.. But Never Forgotten

Good thing all thoes Goatse pictures where in .jpeg .gif and .tiff

This is a rant.

I know the guy who runs (ran) goatse.cx. IT IS NOT GOATSE -- It is pronounced Goatsex. See, the word is made using the TLD as part of the name. Like pla.net. I cannot believe the masses of people who do not get that. Goatse isn't funny. Goat sex is funny. The hate mail was the part of the site to go to and read, not that anyone got past the main image...

Posting anon so people won't question how I know so much about goat sex ;-)

off topic, but orthogonal kind of prompted this

[n3k5]

By the way, does anyone know why the bitmap formap is writte upside down?

Re:Text of advisory

[surfcow]

Anyway, I took a look, and decided that Microsoft is GAYER THAN AIDS .

Brother, I understand your point, but I really don't like the way you express it. At all.

I would really like to keep this kind of crap off slashdot. The rest of the internet is a toilet. Save it for there. Thanks.

Re:Open Source More Secure... maybe not

mod parrent Insightfull

Re:See!

that's funny

I told Microsfot about this exploit two years ago!

Well, I can't be sure that this ie exactly the same thing as what I informed them of. But it sure sounds like it is.

What I informed them of was that I discovered that if I made a very wide bmp, and we're talking tens of thousands of pixels wide, that the image would cause windows itself to crash over and over every time it booted if you clicked the image in exploerer and it got into the mydocuments menu. This was because it was trying to generate a preview of it.

I surmised that this crash could mean that there was a buffer overflow occuring and I informed Microsoft of this vulnerability. They wrote back one email but never said they fixed it. As a patch has never been issued for Windows 98 for this issue as far as I am aware, that means the vulnerability would still be there regardless of whether the latest version of IE is installed or not.

Re:GAYER THAN AIDS?

"because no one honestly believes that AIDS is a gay disesase anymore"

If you do research, you will see that yes, gay males are still the infected group majority.

Here are a couple of links.

http://www.cdc.gov/hiv/pubs/facts/msm.htm
http: //www.siecus.org/pubs/shop/volume5/shpv50055. html

Not that I think it will do much good for you, because you can't be totally oblivious.

Re:Open Source More Secure... maybe not

Diego ... is that you?

Re:Open Source More Secure... maybe not

Demote parent. EVERY bug tracking system has a "wontfix" equivalent. This is just innuendo.

Re:Open Source More Secure... maybe not

[OsCarJ]

You stay the hell away from my sister you pervert!

Re:Open Source More Secure... maybe not

mod child unspellful