NT/W2K Source leak

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 02/13/04

  • Next message: Russ: "Re: NT/W2K Source leak"
    Date:         Fri, 13 Feb 2004 12:30:46 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    1. NT source is NT 4.0 SP3, contains 27000+ files (658MB). It is all NT
    4.0 Server except IIS, includes IE 4. No references to Mainsoft (see
    http://www.eweek.com/article2/0,4149,1526830,00.asp.)

    2. W2K is SP1, a very small subset, IE 5, SNMP, PKI, networking and some
    SDK stuff. 28000+ files (338MB - although many of these are empty mail
    messages and other crap.) Does contain 3 references to MainSoft. Much of
    what is there is available elsewhere.

    MS confirmed the leak at;

    http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.a
    sp

    I'd be very surprised if this leak results in any significant new risk.
    Given how hard people have pounded away at the binaries in the past,
    pouring over 55,000 source file to find something new in old versions
    will likely/hopefully be a very unfulfilling task.

    Cheers,
    Russ - NTBugtraq Editor

    -----
    NTBugtraq Editor's Note:

    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    -----


  • Next message: Russ: "Re: NT/W2K Source leak"

    Relevant Pages

    • Re: menus in JS or CSS - pros? cons?
      ... So in theory, attaching event handlers to ... The theory that says 'all circular references including DOM nodes causes ... but it does not identify all leak scenarios. ...
      (comp.lang.javascript)
    • Re: IE6 memory leak - very fiddly
      ... You should not simply snip what is being referred to in the quoted text, ... references, many of them unnecessary, which are known to leak memory in IE ...
      (comp.lang.javascript)
    • Re: Memory leak in aspnet_wp.exe
      ... http://www.red-gate.com/code_profiling.htm (14 day free trial ought to be ... First you need to figure out if this is a managed or unmanaged leak. ... references to the same object all over the place (utility classes can often ... It did not send any responses for pending requests in ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Strange report from leaks
      ... Then later it reported a leak again. ...  I attached gdb and attaching gdb make the ... Since the tool detected no references, ... what happens when the address is read from disk -- ...
      (comp.unix.programmer)
    • Re: [Full-Disclosure] Windows 2000 Source Leak Verified. Get ready for the havoc.
      ... Indeed -- there are some public domain references (from folk who should ... "leaked" .ZIPs show that there is quite a bit of cruft included (.EML ... NT 4.0 Server except IIS, ... No references to Mainsoft ...
      (Full-Disclosure)