First Fallout from Code Leak Hits the Web | eWeek

First Fallout from Code Leak Hits the Web

Feb 16, 2004
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A security company on Monday alerted clients of a new vulnerability to Internet Explorer 5, one attributed to the recent leak of Microsoft Corp. Windows source code. The quick attack appears to contradict some optimistic expectations that the recent leak of Windows 2000 and NT code would not pose a significant opportunity for hackers.

In a statement released late on Monday, the company said it was investigating the reported exploit, but added that “This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer—Internet Explorer 6.0 Service Pack 1.”

According to a message posted by SecurityGlobal.net LLCs Security Tracker Web site, a vulnerability was reported in Microsoft Internet Explorer Version 5 that lets a “remote user execute arbitrary code on the target system.”

A hacked bitmap file can trigger an integer overflow and execute arbitrary code, the security bulletin said.

The author of the warning said that this flaw was uncovered by reviewing the recently leaked Windows source code.

“I downloaded the Microsoft source code. Easy enough. Its a lot bigger than Linux, but there were a lot of people mirroring it and so it didnt take long,” observed the anonymous programmer in his warning.

The code is a portion of source from Windows NT 4.0 and Windows 2000 that made its way onto the Internet Thursday.

“IE6 is not vulnerable, so I guess Ill get back to work. My Warhol worm will have to wait a bit…” wrote the author of the warning.

The Redmond software company noted that it is continuing to work with the Federal Bureau of Investigation and other law-enforcement officials to investigate the source leak.

According to the Monday statement, company officials reiterated the companys position that: “Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property.

“Questions about the investigation should be referred to the FBI,” the statement added.

Several analysts had predicted no immediate threat from the source code leak, since the amount of code presented on the Internet was limited.

However, in comments offered on Friday, Ken Dunham, malicious-code manager at iDefense Inc., based in Reston, Va., said that vulnerabilities in the older Windows would likely be much easier to discover and exploit now after the leak of the source code.

“There are a lot of implications to this. The situation just got a lot worse, in terms of vulnerabilities,” he said in an interview with an eWEEK reporter. “I imagine well be seeing a lot more this year because of this. Theres certainly enough in [the leaked code] to play with.”

/zimages/1/28571.gifSecurity Center Editor Larry Seltzer said the release of Windows source code offers a novel, if widespread, laboratory to test the relative security claims of Windows and open-source operating systems.Click hereto read more.

This warning follows a string of recent vulnerabilities concerning Internet Explorer. Earlier this month Microsoft released a cumulative patch covering a dangerous Internet Explorer vulnerability that let attackers trick customers into visiting malicious sites.

Dennis Fisher, eWEEK, contributed to this story.

/zimages/1/28571.gifCheck outeWEEK.coms Security Centerat security.eweek.com for security news, views and analysis.

(Editors note: This story has been updated since its original posting to include comment from Microsoft.)

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.