First Exploit Surfaces from Leaked Windows Code

Published by

BetaNews: Just two days after portions of the Windows 2000 Service Pack 1 source made its way onto the Internet, the first exploit to take advantage of bugs discovered in the now opened code has appeared on security mailing lists. The vulnerability lies in Internet Explorer's handling of bitmap images. With a specially created bitmap, a remote user can cause a buffer overflow and execute arbitrary code on a target system. The author of the report, which was seemingly posted with malicious intent, indicates the flaw was uncovered when analyzing the file "imgbmp.cxx" within the Windows source code.

As previously reported, BetaNews traced the leaked source code back to Microsoft partner Mainsoft, which utilized it for MainWin, a software platform for porting Windows applications to UNIX. More at BetaNews
Or at SecurityTracker