A proof-of-concept code fragment that turned up on a Russian security software engineers' forum was acknowledged by Microsoft’s response team. It showed that the MessageBox API function that enables Windows applications to give simple alerts to users, if subjected to repeated calls, can leave an open handle to free memory.

So far, the problem isn’t being rated as critical. Though the usual suspects are flagging this vulnerability as another “zero-day,” no exploits regarding this proof-of-concept have yet been acknowledged by Microsoft or other sources, BetaNews found evidence of the source of the problem lurking as far back as early 1999.

BetaNews