Tuesday, 17. February 2004

Topic: COMPUTER - on February 17, 2004 at 10:46:00 AM CET

Exploit Based On Leaked Windows Code Released

A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.

¬> securitytracker.com

... Comment