(A Javascript-enabled browser is required to email me.)
Tasty logo & award


Microsoft security exploits




This table summarizes a number of bugs and security concerns found in Microsoft products in 1997 and 1998, particularly in Microsoft Internet Explorer as it interacts with other operating-system features. In most cases the discoverer of a vulnerability posted an exploit site to demonstrate the problem.

I'm no longer updating this page. When I began publishing this compendium, a hacker could get news coverage by vowing to concentrate on Microsoft products and to prove their vulnerability. At that time almost all known security weaknesses in Net computers were to be found in Unix machines.

The NT Security page features useful pointers to background material on these and other potential NT vulnerabilities. Microsoft's authoritative response to its ongoing security problems can be found on this issues page.


Subscribe to the weekly email newsletter in which these exploits appeared when they were news. Rob Malda, aka Cmdr. Taco, has called TBTF "The best nerd news (besides Slashdot) out there."
email address

 


Bug Exploit by Date TBTF MSIE? W-95? W-NT? Damage Attacks via Fix
#0 (anony-
mous)
1997-01-21 1997-01-29 -- no yes Can consume all available CPU cycles from across the Net telnet to port 135 bul
#1 Paul
Greene
1997-02-27 1997-03-09 3.0,
3.01
yes 4.0 Can run arbitrary program on your PC .url or .lnk file bul
#2 David
Ross
1997-03-04 1997-03-04 3.0,
3.01,
3.01a
no 4.0 w /
SP 1
or 2
Can run program if you double-click, w/no firewall CIFS bul
#3 Chris
Rioux
1997-03-07 1997-03-09 3.01 yes no Can run arbitrary program on your PC .isp file bul
#4 Aaron
Spangler
1997-03-14 1997-03-21 any,
or NN
no yes Obtains username, hashed password SMB bul
#5 Paul
Ashton
1997-03-17 1997-03-21 any no yes Obtains username, hashed password, more NTLM bul
#6 Steve
Birnbaum
1997-03-15 1997-03-21 any no yes Obtains plaintext password SMB bul
not a bug #7 Tea Vui
Huang
1997-03-14 1997-04-04 any no yes Can disable IE security if you agree .reg file --
not a bug #8 Jeremy
Allison,
Jonathan
Wilkins
1997-03-31 1997-04-04 -- no yes Can be used to obtain plaintext passwords if security policy is lax SAM (PWdump, NTcrack) --
#8a Dan
Gordon
1997-04-18 1997-04-21 -- yes yes Can reveal user names and passwords in plain text from ODBC log ODBC Trace in Office 97 bul
#9 Andrew
Smith
1997-05-07 1997-05-08 3 yes yes Can run arbitrary program on your PC PowerPoint presentation bul
#10 "_eci" 1997-05-07 1997-05-22 --yes yes Can crash or freeze any Windows PC from across the Net TCP/IP OOB data to port 139 sp3
sp2
3.51
95
#11 Todd Fast 1997-06-18 1997-06-23 ---- yes Can crash IIS from across the Net Request a specific, non-deterministic URL intel
alpha
#12 Ben Mesander 1997-08-07 1997-08-11 IE3 (also affects Netscape Navigator & HotJava; Macintosh immune) Can make network connection to arbitrary IP address Java VM bug W3.1 / NT3.51 US
W3.1 / NT3.51 export
W95 / NT4
#13 Tim Macinta 1997-09-08 1997-09-09 IE3 (Macintosh, Win 3.1 immune) Can overwrite files on disk MS extensions to Java W95 / NT4
#14 Ralf Hueskes 1997-10-16 1997-10-20 IE4 (Macintosh immune) Can steal known files from disk Dynamic HTML, Active Scripting intel
#15 dildog 1997-11-10 1997-11-10 IE4 (Windows) Can execute arbitrary code locally res:// scheme bul
#16 dildog 1998-01-14 1998-01-19 IE4 & 4.01, W95 and NT Can execute arbitrary code locally mk:// scheme bul
#17 San Diego Source 1998-06-26 1998-07-20 any non-IIS server on NT Shows contents of scripts add "." to URL  
#18 Paul Aston 1998-06-30 1998-07-20 any server on NT Shows contents of scripts add ":$$data" to URL bul
#19 Microsoft 1998-07-15 1998-07-20 IIS 4.0 Allows illicit remote ODBC access Remote Data Service / DataFactory bul
#20 Dr. Solomon's 1998-06-03 1998-07-20 any Win32 Trojan horse mails encrypted password file Dialup Data Networking bul


TBTF
H
OME
CURRENT
ISSUE
TBTF
L
OG
TABLE OF
CONTENTS
TBTF
T
HREADS
SEARCH
TBTF

Copyright © 1994-2017 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.

Most recently updated 1999-10-01