Slashdot and Security Tracker are reporting that the first virus released based on exploits found in the leaked Windows source code has been released.

“A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system. It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in ‘win2k/private/inet/mshtml/src/site/download/imgbmp.cxx’. The report indicates that IE 5 is affected but that IE 6 is not affected.”

The Security Tracker website has more detailed information (and source code from windows) on the virus and how exactly it exploits Internet Explorer v. 5. Whether Microsoft will even bother to fix this is debatable; As it’s not an issue for IE 6 it would seem unlikely.

News source: Slashdot.org