Slashdot Mirror


Exploit Based On Leaked Windows Code Released

mischief writes "A post to Bugtraq from SecurityTracker.com reports an Internet Explorer 5 exploit that has been released based on the Win2K code leak: 'It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.' Only affects IE 5 apparently, but still - it didn't take long!"

5 of 952 comments

  1. there is a goto in the quoted source by Yogurt+Earl · Score: 0, Troll

    There is a goto in MS source code quoted for the exploit.
    DON'T use goto or you will be infringing on their copyright/IP.
    I hope no existing OSS use goto's because they're hosed. This probably means any project in Fortran is in big trouble!
    Hurry convert to Java where goto's don't compile!!

    Yogurt Earl

  2. Microsoft leaked code to "FORCE" XP upgrades...... by Anonymous Coward · Score: 0, Troll

    You wait and see. This is just the first pebble
    in a huge landslide that's about to come
    crashing down.

    Nobody was upgrading to XP (because it sucked and
    still continues to do so) so Microsoft arranged
    for source code to be leaked.

    The internet will become intolerable for all M$
    operating systems that are less than XP in version
    within 3 months.

    Microsoft is going to HUGELY recover from that
    "No-Gain" Quarter they posted.

  3. Re:Who Runs IE 5 anyway? by BCW2 · Score: 0, Troll

    The same thundering herd of dumbass that use any form of IE. Just like using Hotmail or MSN, these are nothing but virus traps. Those that like catching the worm or virus of the week will continue to use them. The rest of us will use Mozilla, Opera or even Netscape. Anything is better than IE.

    --
    Professional Politicians are not the solution, they ARE the problem.

  4. Re:I'll be first to say it by groomed · Score: 0, Troll

    Microsoft is receiving the same kind of security review that makes OpenSource products so strong in the first place.

    Where is the proof of this alleged strength?

    All of the biggest exploits/worms on Windows can be explained by a combination of popularity and user unawareness. The fact that the source code is not available for public auditing might be a factor in mitigating these exploits, but from all available data, it seems to be a minor factor at best.

    How does the "open source is more secure" theory explain the excellent security record of closed source systems such as HPUX, AIX and Solaris when compared to (say) Linux? How does it account for the fact that shell.sourceforge.net, debian.org and savannah.gnu.org have all been hacked recently, whereas microsoft.com has never been known to be hacked?

    Sorry, I don't buy it. The position that open source leads to more secure software is simply untenable.

  5. Re:Open Source More Secure... maybe not by Anonymous Coward · Score: 0, Troll

    So someone who worked for M$ and had source code access could have been using this exploit for years! Just because it is found today by someone willing to expose it instead of exploiting it only makes the M$ position worse. JUST HOW MANY OLD, SERIOUS BUGS ARE IN WINDOWS?