Please note: this site will work
in any browser and on any device, however will look much nicer on
CSS-compatible browsers. If you are using a browser that supports
CSS, please wait while the CSS file loads and this message will
disappear.
If you wish to enjoy the web to the fullest, please upgrade
to a standards-compatible browser.
This page is a list of vulnerabilities that remain unpatched,
it is our hope that the increased awareness brought forth may help
further the research necessary to properly secure them.
Vulnerabilities listed on this page work (among others) with
the latest versions of Internet Explorer, with all patches installed.
Until proper patches have been provided, the only fix to some of these
vulnerabilities is to disable scripting.
This page is, and always will be, a work in progress. This is not
a definitive list of vulnerabilities.
11 September 2003: There are currently 31 unpatched vulnerabilities.
The latest cumulative Internet Explorer patch
is released August 20, 2003 with the identifier MS03-032.
Cumulative patches combine all previous IE patches, and should be considered mandatory installs.
11 September 2003: Added Media bar ressource injection by jelmer
10 September 2003: Added file-protocol proxy by Liu Die Yu
10 September 2003: Added NavigateAndFind protocol history by Liu Die Yu
10 September 2003: Added window.open search injection by Liu Die Yu
10 September 2003: Added NavigateAndFind file proxy by Liu Die Yu
10 September 2003: Added Timed history injection by Liu Die Yu
10 September 2003: Added history.back method caching by Liu Die Yu
10 September 2003: Added Click hijacking by Liu Die Yu
9 September 2003: Re-added Re-evaluating HTML elavation
26 August 2003: Added ADODB.Stream local file writing by jelmer
20 August 2003: Changed latest cumulative IE patch link, MS03-032 released
5 August 2003: Added Notepad popups by Richard M. Smith
4 August 2003: Added protocol control chars by badWebMasters
Older news...
Media bar ressource injection
Description: Arbitrary file download and execution, by ability to load ressource files in a window object
Reference: http://lists.netsys.com/pipermail/full-disclosure/2003-September/009917.html
Exploit: http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm
file-protocol proxy
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
Exploit: http://safecenter.net/liudieyu/WsOpenFileJPU/WsOpenFileJPU-MyPage.HTM
NavigateAndFind protocol history
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
Exploit: http://safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-MyPage.HTM
window.open search injection
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
Exploit: http://safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-MyPage.htm
NavigateAndFind file proxy
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/NAFfileJPU/NAFfileJPU-Content.HTM
Exploit: http://safecenter.net/liudieyu/NAFfileJPU/NAFfileJPU-MyPage.htm
Timed history injection
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
Exploit: http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-MyPage.HTM
history.back method caching
Description: cross-domain scripting, cookie/data/identity theft, command execution
Reference: http://safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
Exploit: http://www.safecenter.net/liudieyu/RefBack/RefBack-MyPage.HTM
Click hijacking
Description: Pointing IE mouse events at non-IE/system windows
Reference: http://safecenter.net/liudieyu/HijackClick/HijackClick-Content.HTM
Exploit: http://safecenter.net/liudieyu/HijackClick/HijackClick2-MyPage.HTM
Re-evaluating HTML elavation dataSrc command execution
Description: Allows execution of arbitrary commands in Local Zones
Detail: This bug is related to the codebase local path bug,
but details the actual issue and runs without scripting
or ActiveX enabled
Published: February 28th 2002
Reference: http://security.greymagic.com/adv/gm001-ie/
Example exploit: http://security.greymagic.com/adv/gm001-ie/advbind.asp
Note: See 6th May 2003 Notes.
Notes September 2003:
Renamed and re-added, symptom fixed instead of problem.
Now demonstrates how to reach HTA functionality.
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0309/83.html
Example exploit: http://www.malware.com/badnews.html
Example exploit without scripting: http://www.malware.com/greymagic.html
Temporary workaround: Change the mime-type application/hta to something else
ADODB.Stream local file writing
Description: Planting arbitrary files on the local file system
Exploit: http://ip3e83566f.speed.planet.nl/eeye.html (but unrelated to the EEye exploit)
Notepad popups
Description: Opening popup windows without scripting
Reference: http://computerbytesman.com/security/notepadpopups.htm
Followup: http://msgs.securepoint.com/cgi-bin/get/bugtraq0308/55.html
Note: This is just an example of the problem, this entry will be replaced when more material is published
protocol control chars
Description: Circumventing content filters
Reference: http://badwebmasters.net/advisory/012/
Exploit: http://badwebmasters.net/advisory/012/test2.asp
WMP local file bounce
Description: Switching security zone, arbitrary command execution, automatic email-borne command execution
Reference: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0307&L=ntbugtraq&F=P&S=&P=6783
Exploit: http://www.malware.com/once.again!.html
HTTP error handler Local Zone XSS
Description: HTML/Script injection in the Local Zone
Reference: http://sec.greymagic.com/adv/gm014-ie/
Exploit: http://sec.greymagic.com/adv/gm014-ie/
XSS in Unparsable XML Files
Description: Cross-Site Scripting on any site hosting files that can be misrendered in MSXML
Reference: http://sec.greymagic.com/adv/gm013-ie/
Exploit: http://sec.greymagic.com/adv/gm013-ie/
Alexa Related Privacy Disclosure
Description: Unintended disclosure of private information when using the Related feature
Reference: http://www.secunia.com/advisories/8955/
Reference: http://www.imilly.com/alexa.htm
Basic Authentication URL spoofing
Description: Spoofing the URL displayed in the Address bar
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/15.html
DNSError folder disclosure
Description: Gaining access to local security zones
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/52.html
mhtml wecerr CAB flip
Description: Delivery and installation of an executable
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0305/48.html
WebFolder data Injection
Description: Injecting arbitrary data in the My Computer zone
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0305/13.html
codebase local path
Description: Allows execution of arbitrary commands in Local Zones
Hinted: June 25th 2000 by Dildog
Reference: http://online.securityfocus.com/archive/1/66869
Hinted: November 23rd 2000 by Georgi Guninski
Reference: http://www.guninski.com/parsedat-desc.html
Published: January 10th 2002, by thePull (incorrectly labeled the "Popup object" vulnerability)
Reference: http://home.austin.rr.com/wiredgoddess/thepull/advisory4.html
Example exploit: http://home.austin.rr.com/wiredgoddess/thepull/funRun.html
Note: See 6th May 2003 Notes.
Web Archive buffer overflow
Description: Possible automated code execution.
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0303/107.html
dragDrop invocation
Description: Arbitrary local file reading through native Windows dragDrop invocation.
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0302/12.html
Exploit: http://kuperus.xs4all.nl/security/ie/xfiles.htm
document.domain parent DNS resolver
Description: Improper duality check leading to firewall breach
Published: July 29 2002
Reference: http://online.securityfocus.com/archive/1/284908/2002-07-27/2002-08-02/0
FTP Folder View XSS
Description: Elevating privileges, running script in the My Computer zone, arbitrary command execution, etc.
Published: June 7th 2002 (Microsoft was notified December 21st 2001.)
Reference: http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html
Exploit: http://jscript.dk/Jumper/xploit/ftpfolderview.html
DynSrc Local File detection
Description: Detect if a local file exists, and read its size/date
Published: March 27th 2002
Reference: http://security.greymagic.com/adv/gm003-ie/
Status: Patched in IE6 by IE6 Service Pack 1, but IE5 and 5.5 are still vulnerable.
Security zone transfer
Description: Automatically opening IE + Executing attachments
Published: March 22nd 2002
Reference: http://security.greymagic.com/adv/gm002-ie/
Extended HTML Form Attack
Description: Cross Site Scripting through non-HTTP ports, stealing cookies, etc.
Published: February 6th 2002
Reference: http://eyeonsecurity.org/advisories/multple-web-browsers-vulnerable-to-extended-form-attack.htm
"script src" local file enumeration
Description: Enables a malicious programmer to detect if a local
file exists.
Published: January 3rd 2002
Reference: http://www.securityfocus.com/bid/3779
Example exploit: http://jscript.dk/Jumper/xploit/scriptsrc.html
IE https certificate attack
Description: Undetected SSL man-in-the-middle attacks, decrypting
SSL-encrypted traffic in realtime
Published: December 22 2001 ( Stefan Esser )
Published: June 6 2000 ( ACROS )
Reference: http://security.e-matters.de/advisories/012001.html
Example exploit: http://suspekt.org/
Status: Initially fixed in IE4 and early IE5s by MS00-039, re-introduced by a later patch.
These used to be listed on this page, but have now been patched. Hopefully, this means that this page is working as expected.
Content-Disposition/Type
Description: Allows spoofing of filename in download dialog
Published: November 26th 2001
Reference: http://www.securityfocus.com/cgi-bin/archive.pl?id=1&threads=1&tid=242376
Patched: December 13th 2001 ( http://www.microsoft.com/technet/security/bulletin/MS01-058.asp )
Re-Published: December 16th (by HTTP-EQUIV, patch didn't work)
Reference: http://online.securityfocus.com/archive/88/245822
Example exploit: http://jscript.dk/Jumper/xploit/contentspoof.asp
Finally patched by MS02-005 (nice touch about blurring Open)
XMLHTTP
Description: Allows reading of local files
Published: December 15th 2001
Reference: http://www.securityfocus.com/bid/3699
Example exploit: http://jscript.dk/Jumper/xploit/xmlhttp.asp
Finally completely patched by MS02-008
document.open
Description: Allows cross-domain scripting (reading cookies from other site, etc.)
Published: December 19th 2001
Reference: http://www.securityfocus.com/bid/3721
Example exploits: http://tom.me.uk/MSN/
& http://home.austin.rr.com/wiredgoddess/thepull/advisory3.html
Patched by MS02-005
GetObject
Description: Allows reading of local files (any type, even binary)
Published: January 1st 2002
Reference: http://www.securityfocus.com/bid/3767
Example exploit: http://jscript.dk/Jumper/xploit/GetObject.html
Patched by MS02-005
Cookie-based Script
Execution
Description: Injecting script in the Local Zone.
Published: April 3rd 2002
Reference: http://online.securityfocus.com/archive/1/265459
Status: Partly patched by MS02-015,
easily circumvented.
Patched by MS02-023
File download execution
Description: Download and execute any program automatically
Published: March 18th 2002
Reference: http://www.lac.co.jp/security/english/snsadv_e/48_e.html
History: Added March 23rd, removed March 26th, re-added March 27th
Details: http://www.newsbytes.com/news/02/175484.html
Patched by MS02-023
OWC Local File Detection
Description: Multiple local files detection issues
Published: April 8th 2002
Reference: http://security.greymagic.com/adv/gm008-ie/
Exploit: http://security.greymagic.com/adv/gm008-ie/
Pached by MS02-044
OWC Clipboard Access
Description: Complete clipboard access even with Clipboard Disabled
Published: April 8th 2002
Reference: http://security.greymagic.com/adv/gm007-ie/
Exploit: http://security.greymagic.com/adv/gm007-ie/
Pached by MS02-044
OWC Local File Reading
Description: Reading local and remote files with OWC in IE
Published: April 8th 2002
Reference: http://security.greymagic.com/adv/gm006-ie/
Exploit: http://security.greymagic.com/adv/gm006-ie/
Pached by MS02-044
OWC Scripting
Description: Running script even with Scripting Disabled
Published: April 8th 2002
Reference: http://security.greymagic.com/adv/gm005-ie/
Exploit: http://security.greymagic.com/adv/gm005-ie/advowcscr.asp
Pached by MS02-044
Remote dialogArguments interaction
Description: Elevating privileges, hijacking MSN Messenger, running
script in the My Computer zone, arbitrary command execution, etc.
Published: April 16th 2002
Reference: http://jscript.dk/adv/TL002/
Exploit: http://jscript.dk/adv/TL002/
Appendix: Extending the vulnerable version from just IE6
to IE5 and higher.
Reference and exploit: http://security.greymagic.com/adv/gm001-ax/
Status: Partly patched by MS02-023,
IE6 appears fixed while IE5.5 and 5 are still wide open.
Patched by MS02-047
Gopher buffer overflow
Description: Delivery and execution of arbitrary code
Published: June 4th 2002
Reference: http://www.solutions.fi/index.cgi/news_2002_06_04?lang=en
Workaround: http://www.microsoft.com/technet/security/bulletin/MS02-027.asp
Third-party fix: http://www.pivx.com/gopher_smoker.html
Patched by MS02-047
object Cross Domain Scripting
Description: Elevating privileges, arbitrary command execution,
local file reading, stealing arbitrary cookies, etc.
Published: July 10 2002
Reference: http://www.pivx.com/larholm/adv/TL003/
Exploit: http://www.pivx.com/larholm/adv/TL003/
Patched by MS02-047
IE dot bug
Description: Overriding filetype handlers on local files
Published: May 19th 2002
Reference: http://online.securityfocus.com/archive/1/273168/2002-05-18/2002-05-24/0
Patched by MS02-047
XP Help deleter
Description: Arbitrary local file/folder deletion.
Published: August 15 2002
Reference: http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html
Exploit: http://jscript.dk/2002/8/sec/xphelpdelete.html
Patched by Windows XP SP1
delegated SSL authority
Description: HTTPS spoofing, man-in-the-middle attacks, etc.
Published: August 6 2002
Reference: http://www.thoughtcrime.org/ie-ssl-chain.txt
Reference: http://arch.ipsec.pl/inteligo.html
Exploit: http://www.thoughtcrime.org/ie.html
Appears patched by MS02-050
Who framed Internet Explorer
Description: Cross-protocol scripting, arbitrary command execution, local file reading, cookie theft, website forging, sniffing https, etc.
Published: September 9 2002
Reference: http://sec.greymagic.com/adv/gm010-ie/
Exploit: http://sec.greymagic.com/adv/gm010-ie/wfsimple.html
Patched by MS02-066
iframe Document - The D-day
Description: Circumventing zone sandboxing, XSS, cookie theft, local file reading / execution
Published: October 15 2002
Reference: http://security.greymagic.com/adv/gm011-ie/
Exploits: http://security.greymagic.com/adv/gm011-ie/
Patched by MS02-066
object zone redirection
Description: Circumventing the zone restrictions introduced by IE6 SP1
Published: September 10 2002
Reference: http://www.pivx.com/larholm/adv/TL005/
Reference: http://online.securityfocus.com/bid/5730/discussion/
Patched by MS02-066
showModalDialog method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
createRange method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
elementFromPoint method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
getElementById method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
getElementsByName method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
getElementsByTagName method caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
execCommand method caching
Description: Read access to the foreign document.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-066
document.write method caching
Description: Spoofing of content
Published: October 21 2002
Reference: http://online.securityfocus.com/archive/1/296371/2002-10-19/2002-10-25/0
Exploit: http://clik.to/liudieyu ==> SaveRef_DocumentWrite-MyPage section.
Patched by MS02-066
"assign" method caching
Description: Circumventing zone sandboxing, cross-protocol scripting, cookie theft, and possible local file reading / execution
Published: October 1 2002
Reference: http://online.securityfocus.com/archive/1/293692/2002-09-29/2002-10-05/0
Exploit: http://www16.brinkster.com/liudieyu/SaveRef/SaveRef-MyPage.htm
Exploit: http://jscript.dk/2002/10/sec/SaveRefLocalFile.html (local file reading and execution)
Patched by MS02-066
Slash URL encoding XSS
Description: Arbitrary Cross Domain Scripting, cookie theft, etc.
Published: September 3 2002
Reference: http://online.securityfocus.com/archive/1/290220/2002-09-01/2002-09-07/0
Exploit: http://www16.brinkster.com/liudieyu/2FforMSIE/2FforMSIE-MyPage.htm
Patched by MS02-066
HTML Help ActiveX
Description: stack and heap based buffer overflows, DOS
Published: May 27th 2002
Reference: http://www.nextgenss.com/vna/ms-whelp.txt
Reference: http://online.securityfocus.com/bid/4857
Believed to be Patched by MS02-066
external object caching
Description: Circumventing security zones, XSS, cookie theft, local file reading / execution, etc.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS02-068
MS JVM native method vulnerabilities
Description: A collection of at least 10 different vulnerabilities in the MS JVM, escaping the sandbox, local file reading, silent delivery and execution of arbitrary programs, etc.
Published: September 9 2002
Reference: http://www.solutions.fi/index.cgi/news_2002_09_09?lang=eng
Patched by MS03-011
Self-executing HTML Help
Description: Delivery and execution of arbitrary programs
Published: June 1st 2002
Reference: http://www.malware.com/yelp.html
Reference: http://online.securityfocus.com/archive/1/275126
Exploit: http://www.malware.com/html.zip
Patched by MS03-015
cross-frame dialogArguments access
Description: Circumventing security zones, local file reading / execution, etc.
Published: November 20 2002
Reference: http://online.securityfocus.com/archive/1/300525/2002-11-17/2002-11-23/0
Exploit: http://www16.brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm
Extended Exploit: http://security.greymagic.com/misc/globalDgArg/
Patched by MS03-015
clipboardData object caching
Description: Read/write access to the clipboard, regardless of settings.
Published: October 22 2002
Reference: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Exploit: http://sec.greymagic.com/adv/gm012-ie (cumulative advisory)
Patched by MS03-015
Java XMLDSO base tag
Description: Arbitrary local file reading.
Published: August 17 2002
Reference: http://online.securityfocus.com/archive/1/287895/2002-08-15/2002-08-21/0
Exploit: http://www.xs4all.nl/~jkuperus/msieread.htm
Patched by MS03-011 and MS03-015
CTRL-key file upload focus
Description: Local file reading, downloading and executing arbitrary code.
Published: July 23 2002
Reference: http://online.securityfocus.com/archive/1/283866/2002-07-21/2002-07-27/0
Exploit: http://jscript.dk/2002/7/sec/sandbladctrl.html (corrected to include SHIFT)
Patched by MS03-015
Back Button CSS
Description: Read cookies/local files and execute code (triggered
when user hits the back button)
Published: April 15th 2002
Reference: http://online.securityfocus.com/archive/1/267561
Patched by MS03-015
HELP.dropper (IE6, OE6, Outlook)
Description: Silent delivery and installation of an executable on a target computer
Published: March 28th 2002
Reference and example exploit: http://www.malware.com/lookout.html
Reference: http://online.securityfocus.com/archive/1/264590
Patched by MS03-015
JVM Bytecode Verifier
Description: Escaping applet sandbox restrictions, taking any action.
Published: November 21 2002
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0211/255.html
Reference / POC: http://lsd-pl.net/java_security.html
Patched by MS03-011
Embedded files XSS
Description: XSS to arbitrary sites, cookie theft
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0212/218.html
Exploit: http://www16.brinkster.com/liudieyu/viaSWFurl/viaSWFurl-MyPage.htm
Patched by MS03-015
dialog style XSS
Description: security zone XSS, cookie theft, monitoring the user.
Published: December 3 2002
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0212/29.html
Exploit: http://jscript.dk/2002/11/sec/diemodalstyleXSS.html
Patched by MS03-015
WMP Stench
Description: Silent delivery and installation of an executable on a target computer
Published: August 21 2002
Reference: http://www.malware.com/stench.html
Exploit: http://www.malware.com/malware.php
Patched by MS03-015
cssText Local File Reading
Description: Reading portions of local files, depending on structure.
Published: April 2nd 2002
Reference: http://security.greymagic.com/adv/gm004-ie/
Exploit: http://security.greymagic.com/adv/gm004-ie/
Patched by MS03-015
object longtype
Description: Code execution
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/49.html
Exploit: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/78.html
Patched by MS03-020
remote file request flooding
Description: Arbitrary remote file execution
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0305/130.html
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0305/147.html
Exploit: http://www.malware.com/forceframe.html
Patched by MS03-020
local file request flooding
Description: Arbitrary local file execution
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0305/85.html
Patched by MS03-020
align buffer overflow
Description: Buffer overflow, arbitrary code execution
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/170.html
Patched by MS-3_023
MS02-008
Patches: XMLHTTP
Published: February 22nd 2002 (21st February in USA)
Location: http://www.microsoft.com/technet/security/bulletin/MS02-008.asp
MS02-044
Patches: OWC Local File Detection, OWC Clipboard Access, OWC Local File Reading & OWC Scripting
Published: August 20th 2002
Location: http://microsoft.com/technet/security/bulletin/MS02-044.asp
IE6 Service Pack 1
Patches: cssText and DynSrc
Published: September 9th 2002
Location: http://microsoft.com/windows/ie/downloads/critical/ie6sp1/
Windows XP Service Pack 1
Patches: Everything IE6 SP1 patches, and XP Help deleter
Published: September 9th 2002
Location: http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/
MS02-050
Patches: delegated SSL authority
Published: September 4th 2002, last updated October 17th 2002
Location: http://microsoft.com/technet/security/bulletin/MS02-050.asp
MS03-011
Patches: ByteCode Verifier and all previous JVM related vulnerabilities, this is MS JVM build 3810.
Published: April 9th 2003
Location: http://www.microsoft.com/technet/security/bulletin/MS03-011.asp
MS03-020
Notice: This is the latest IE cumulative patch. This combines all previous IE patches.
Patches: object longtype overflow
Published: June 4th 2003
Location: http://www.microsoft.com/technet/security/bulletin/MS03-020.asp
MS03-032
Notice: This is the latest IE cumulative patch. This combines all previous IE patches.
Patches: OBJECT HTA execution, and other not publicly known vulnerabilities
Published: August 20th 2003
Location: http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
MS03-023
Patches: align buffer overflow
Published: July 10 2003
Location: http://www.microsoft.com/technet/security/bulletin/MS03-023.asp
Please mail any questions or comments to