A hacker has already been able to find a new buffer overflow exploit for Internet Explorer 5 by investigating the leaked Windows 2000 source code last week.
The attack relies on a vulnerability in the way that IE 5 processes bitmap files. This could allow an attacker to inject hostile code into vulnerable systems, according to an advisory published by the Security Tracker vulnerability database.
This exploit is chiefly noteworthy because of how it was developed rather than its severity or other factors (IE 6.0 is reportedly not vulnerable to the exploit). IE exploits are hardly a rarity, despite Microsoft's best efforts to reduce their frequency through its much publicised Trustworthy Computing initiative.
White hat hackers yesterday created an exploit for the latest critical flaw in Microsoft Windows, just days after the vulnerability made headlines worldwide.
This flaw involves a vulnerability in Microsoft's Abstract Syntax Notation 1 (ASN.1) library which could be applied to seize control of vulnerable systems.
