Unpatched IE6 security holes


Why this page?

This page was made public to put pressure on Microsoft, in the hope that they may patch the listed security holes.
Vulnerabilities listed on this page work with the latest version of Internet Explorer, with all patches installed.
Until proper patches have been provided, the only fix is to disable scripting.

This page is, and will always be, a work in progress. This is not a definitive list of vulnerabilities.
A publicly known vulnerability typically ends up here after a month without acknowledgments or patches.

Miscellaneous news
10th February 2002: Some vulnerabilities have now been patched by MS02-005!
More news, 10th February 2002: The MS02-005 patch has magically disappeared from WindowsUpdate?
12th February 2002: MS02-005 patch is now finally official, but does NOT patch everything as promised!
14th February 2002: Windows XP also reported as being vulnerable to the "XMLHTTP" vulnerability.
17th February 2002: Updated, went over some more unpatched.

Unpatched vulnerabilities

XMLHTTP STILL not patched for Windows 95/98 or XP, only patched for NT4/Win2K
Description: Allows reading of local files
Published: December 15th 2001
Reference: http://www.securityfocus.com/bid/3699
Example exploit: http://jscript.dk/Jumper/xploit/xmlhttp.asp

"script src" local file enumeration
Description: Enables a malicious programmer to detect if a local file exists.
Published: January 3rd 2002
Reference: http://www.securityfocus.com/bid/3779
Example exploit: http://jscript.dk/Jumper/xploit/scriptsrc.html

codebase localpath (First published as "Popup object" vulnerability)
Description: Allows execution of arbitrary commands
Published: January 10th 2002
Reference: http://home.austin.rr.com/wiredgoddess/thepull/advisory4.html
Example exploit: http://home.austin.rr.com/wiredgoddess/thepull/funRun.html

Patched vulnerabilities

These used to be listed on this page, but have now been patched. Hopefully, this means that this page is working as expected.

Content-Disposition/Type Patched by MS02-005 (nice touch about blurring Open)
Description: Allows spoofing of filename in download dialog
Published: 26th November, 2001
Reference: http://www.securityfocus.com/cgi-bin/archive.pl?id=1&threads=1&tid=242376
Patched: December 13th 2001 ( http://www.microsoft.com/technet/security/bulletin/MS01-058.asp )
Re-Published: 17th January 2002 (by HTTP-EQUIV, patch didn't work)
Reference: securityfocus.com lost url ?
Example exploit: http://jscript.dk/Jumper/xploit/contentspoof.asp

XMLHTTP Only patched for NT4 / Windows 2000, home users still vulnerable (see above in the "unpatched" section)
Patched by "Windows 2000 Security Rollup Package, January, 2002"
Description: Allows reading of local files
Published: December 15th 2001
Reference: http://www.securityfocus.com/bid/3699
Example exploit: http://jscript.dk/Jumper/xploit/xmlhttp.asp

document.open Patched by MS02-005
Description: Allows cross-domain scripting (reading cookies from other site, etc.)
Published: December 19th 2001
Reference: http://www.securityfocus.com/bid/3721
Example exploits: http://tom.me.uk/MSN/ & http://home.austin.rr.com/wiredgoddess/thepull/advisory3.html

GetObject Patched by MS02-005
Description: Allows reading of local files (any type, even binary)
Published: January 1st 2002
Reference: http://www.securityfocus.com/bid/3767
Example exploit: http://jscript.dk/Jumper/xploit/GetObject.html

Who

This page was assembled by Thor Larholm and Tom Gilder.