Windows IE exploit found after source code leak

I must admit this happened much quicker than I thought it would :- see these articles on the Register and Security tracker - apparently an exploit for a buffer overrun problem in IE *5* has already been released - supposedly discovered by reading the leaked windows source code.

I'm curious as to whether this source code leak will be a "good thing" for windows in the long run, or will end up highlighting so many possible areas for exploits in Windows that MS gets an impossibly hard time...

Published 17 February 2004 08:04 PM by James Crowley

Comments

# Robert McLaws said on 17 February, 2004 03:52 PM
Unfortunately, I thin the Register is attempting to create a scared where none exists. The two events are unrelated. The flaw was exploited by reverse engineering the ASN.1 patch (http://www.patchdayreview.com/posts/MS04-007.aspx)that was issued last week, not by reviewing the leaked source code to Windows.
# Robert McLaws said on 17 February, 2004 03:52 PM
a scare*
# James Crowley said on 17 February, 2004 04:20 PM
Hmm. Unless I'm misinterpreting the article, doesn't it talk about two exploits - one related to the source code leak exploiting a buffer overrun problem in the way IE 5 handled bitmaps, and the other - a program that exploits the ASN problem?

Plus, the Security Tracker website talks about the flaw supposedly being found in "win2k/private/inet/mshtml/src/site/download/imgbmp.cxx" - eg... a specific file in the source tree?

Leave a Comment

(required) 
(required) 
(optional)
(required)