Information Security & Privacy Software Engineering

Windows IE exploit found after source code leak

I must admit this happened much quicker than I thought it would :- see these articles on the Register and Security tracker – apparently an exploit for a buffer overrun problem in IE *5* has already been released – supposedly discovered by reading the leaked windows source code.

I’m curious as to whether this source code leak will be a “good thing” for windows in the long run, or will end up highlighting so many possible areas for exploits in Windows that MS gets an impossibly hard time…

2 replies on “Windows IE exploit found after source code leak”

Hmm. Unless I”m misinterpreting the article, doesn”t it talk about two exploits – one related to the source code leak exploiting a buffer overrun problem in the way IE 5 handled bitmaps, and the other – a program that exploits the ASN problem?

Plus, the Security Tracker website talks about the flaw supposedly being found in "win2k/private/inet/mshtml/src/site/download/imgbmp.cxx" – eg… a specific file in the source tree?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.