Security Alert, February 18, 2004

Leaked Code Leads to Vulnerability Discovery in IE 5.x
   The first vulnerability resulting from leaked Windows 2000 and
Windows NT source code has been discovered and published. Someone with
access to the code found a hole in Internet Explorer (IE) 5.x, and on
February 16 the details were released and found their way to various
security mailing lists.
   The vulnerability is an integer-overflow condition caused by a
specially crafted bitmap file. When IE 5.x loads such a bitmap file,
an overflow is triggered that could permit the execution of arbitrary
code on an affected system. The problem has been confirmed to at least
cause a Denial of Service (DoS) condition in IE 5.01 with Service Pack
1 (SP1) and SP2 installed. Microsoft recommends that users upgrade to
IE 6.0. However, the company is reportedly working on a fix for IE 5.x
versions of the browser.
   http://secadministrator.com/articles/index.cfm?articleid=41784

For complete details about this vulnerability, be sure to visit our
Web site at the provided URL.

Thank you for subscribing to Security UPDATE. Please tell your friends
about this newsletter and alert list!

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z