Last week it became apparent that somehow the large portions of source code to Windows 2000 and Windows NT had become leaked onto the Internet. Some sources indicate that over 30,000 files of the Windows 2000 source code were part of that leak.
Speculation was raised as to whether the leak might lead to the discovery of new security vulnerabilities. As it turns out the first vulnerability has already been discovered and published to the public.
Someone with access to the code found a hole in Internet Explorer 5.x and on Monday the details were released where they wound up on various security mailing lists. Researchers have since confirmed the discovery as genuine and Microsoft also acknowledged its existence.
A spokesperson for Microsoft said that “This exploit is a known issue that [we] had discovered internally and addressed with the latest release of Internet Explorer -- Internet Explorer 6.0 Service Pack 1.”
The vulnerability report states that the problem is an integer overflow condition caused by a specially crafted bitmap file. When IE 5.x loads such a bitmap file an overflow is triggered that could allow arbitrary code to execute on an affected system. The person who released the vulnerability report also released a proof of concept bitmap file. The problem has been confirmed to at least cause a denial of service condition in IE 5.01 with Service Pack 1 and Service Pack 2 installed.
As you might suspect, Microsoft recommends that users upgrade to IE 6.0. However the company is reportedly working on a fix for IE 5.x versions of the browser.
Register
Ward February 18, 2004