A security company on Monday alerted clients of a new vulnerability to Internet Explorer 5, one attributed to the recent leak of Microsoft Corp. Windows source code. The quick attack appears to contradict some optimistic expectations that the recent leak of Windows 2000 and NT code would not pose a significant opportunity for hackers.
According to a message posted by SecurityGlobal.net LLC’s Security Tracker Web site, a vulnerability was reported in Microsoft Internet Explorer Version 5 that lets a “remote user execute arbitrary code on the target system.”
A hacked bitmap file can trigger an integer overflow and execute arbitrary code, the security bulletin said.
The author of the warning said that this flaw was uncovered by reviewing the recently leaked Windows source code.