Windows source code exploit released
That didn't take long...
Posted in Security, 17th February 2004 12:43 GMT
Free whitepaper – The starter PKI program
The leak of Windows source code last week has already enabled a hacker to create an exploit.
Days after portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally leaked onto the Web, an anonymous hacker has found a buffer overflow flaw and crafted an exploit.
The attack relies on a vulnerability in the way that IE 5 processes bitmap files. This could allow an attacker to inject hostile code into vulnerable systems, according to an advisory published by the Security Tracker vulnerability database.
This exploit is chiefly noteworthy because of how it was developed rather than its severity or other factors (IE 6.0 is reportedly not vulnerable to the exploit). IE exploits are hardly a rarity, despite Microsoft's best efforts to reduce their frequency through its much publicised Trustworthy Computing initiative.
White hat hackers yesterday created an exploit for the latest critical flaw in Microsoft Windows, just days after the vulnerability made headlines worldwide.
This flaw involves a vulnerability in Microsoft's Abstract Syntax Notation 1 (ASN.1) library which could be applied to seize control of vulnerable systems.
Say what you like about them, these hackers work fast... ®
Related Stories
MS Windows source code escapes onto Internet
MS partner fingered in Windows code leak, Linux box implicated
Flaw on Tuesday, exploit by Monday
MS releases double-plus critical security fix
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server


The best practices guide for application security
Avoiding 7 common mistakes of IT security compliance
The starter PKI program
Airport insecurity: the case of lost laptops
The mandate for application security
Google cloud told to encrypt itself
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive