Exploit based on leaked Windows code released

Exploit based on leaked Windows code released
Patrick Gray, SecurityFocus 2004-02-16

The first new security vulnerability to emerge from last week's Microsoft source code leak crossed a security mailing list over the weekend, reigniting debate over the seriousness of the leak.

Expand all | Post comment

I posted that vulnerability in August 2000 2004-02-16
John Nagle (2 replies)

See: http://slashdot.org/comments.pl?sid=7070&cid=859419

In that Slashdot article back in 2000, I reported that vulnerability, writing "The ... decompressor for RLE-compressed .BMP files is in the kernel, and contains a buffer overflow."

I didn't need the source code to find that problem. I found it because I was creating compressed .BMP files and accidentally created one that crashed Win2K every time.

If Microsoft doesn't read Slashdot, that's their problem.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8060/25079#25079

I posted that vulnerability in August 2000 2004-02-19
Anonymous

I posted that vulnerability in August 2000 2004-02-19
Coldman

Exploit based on leaked Windows code released 2004-02-18
Y@M@Z@KY (2 replies)

Exploit based on leaked Windows code released 2004-02-19
Anonymous

Exploit based on leaked Windows code released 2004-02-19
PoopForBrains

Exploit based on leaked Windows code released 2004-02-19
no one important

Exploit based on leaked Windows code released 2004-02-21
empty