
Microsoft security exploits

This table summarizes a number of bugs and security concerns found in Microsoft products in 1997 and 1998, particularly in Microsoft Internet Explorer as it interacts with other operating-system features. In most cases the discoverer of a vulnerability posted an exploit site to demonstrate the problem.

I'm no longer updating this page. When I began publishing this compendium, a hacker could get news coverage by vowing to concentrate on Microsoft products and to prove their vulnerability. At that time almost all known security weaknesses in Net computers were to be found in Unix machines.

The NT Security page features useful pointers to background material on these and other potential NT vulnerabilities. Microsoft's authoritative response to its ongoing security problems can be found on this issues page.

Subscribe to the weekly email newsletter in which these exploits appeared when they were news. Rob Malda, aka Cmdr. Taco, has called TBTF "The best nerd news (besides Slashdot) out there."

| Bug | Exploit by | Date | TBTF | MSIE? / W-95? / W-NT? | Damage | Attacks via | Fix |
|---|---|---|---|---|---|---|---|
| #0 | (anony- | 1997-01-21 | 1997-01-29 | -- / no / yes | Can consume all available CPU cycles from across the Net | telnet to port 135 | bul |
| #1 | Paul | 1997-02-27 | 1997-03-09 | 3.0, / yes / 4.0 | Can run arbitrary program on your PC | .url or .lnk file | bul |
| #2 | David | 1997-03-04 | 1997-03-04 | 3.0, / no / 4.0 w/ SP 1 or 2 | Can run program if you double-click, w/no firewall | CIFS | bul |
| #3 | Chris | 1997-03-07 | 1997-03-09 | 3.01 / yes / no | Can run arbitrary program on your PC | .isp file | bul |
| #4 | Aaron | 1997-03-14 | 1997-03-21 | any, or NN / no / yes | Obtains username, hashed password | SMB | bul |
| #5 | Paul | 1997-03-17 | 1997-03-21 | any / no / yes | Obtains username, hashed password, more | NTLM | bul |
| #6 | Steve | 1997-03-15 | 1997-03-21 | any / no / yes | Obtains plaintext password | SMB | bul |
| not a bug #7 | Tea Vui | 1997-03-14 | 1997-04-04 | any / no / yes | Can disable IE security if you agree | .reg file | -- |
| not a bug #8 | Jeremy | 1997-03-31 | 1997-04-04 | -- / no / yes | Can be used to obtain plaintext passwords if security policy is lax | SAM (PWdump, NTcrack) | -- |
| #8a | Dan | 1997-04-18 | 1997-04-21 | -- / yes / yes | Can reveal user names and passwords in plain text from ODBC log | ODBC Trace in Office 97 | bul |
| #9 | Andrew | 1997-05-07 | 1997-05-08 | 3 / yes / yes | Can run arbitrary program on your PC | PowerPoint presentation | bul |
| #10 | "_eci" | 1997-05-07 | 1997-05-22 | -- / yes / yes | Can crash or freeze any Windows PC from across the Net | TCP/IP OOB data to port 139 | sp3 |
| #11 | Todd Fast | 1997-06-18 | 1997-06-23 | -- / -- / yes | Can crash IIS from across the Net | Request a specific, non-deterministic URL | intel |
| #12 | Ben Mesander | 1997-08-07 | 1997-08-11 | IE3 (also affects Netscape Navigator & HotJava; Macintosh immune) | Can make network connection to arbitrary IP address | Java VM bug | W3.1 / NT3.51 US; W3.1 / NT3.51 export; W95 / NT4 |
| #13 | Tim Macinta | 1997-09-08 | 1997-09-09 | IE3 (Macintosh, Win 3.1 immune) | Can overwrite files on disk | MS extensions to Java | W95 / NT4 |
| #14 | Ralf Hueskes | 1997-10-16 | 1997-10-20 | IE4 (Macintosh immune) | Can steal known files from disk | Dynamic HTML, Active Scripting | intel |
| #15 | dildog | 1997-11-10 | 1997-11-10 | IE4 (Windows) | Can execute arbitrary code locally | res:// scheme | bul |
| #16 | dildog | 1998-01-14 | 1998-01-19 | IE4 & 4.01, W95 and NT | Can execute arbitrary code locally | mk:// scheme | bul |
| #17 | San Diego Source | 1998-06-26 | 1998-07-20 | any non-IIS server on NT | Shows contents of scripts | add "." to URL | |
| #18 | Paul Aston | 1998-06-30 | 1998-07-20 | any server on NT | Shows contents of scripts | add ":$$data" to URL | bul |
| #19 | Microsoft | 1998-07-15 | 1998-07-20 | IIS 4.0 | Allows illicit remote ODBC access | Remote Data Service / DataFactory | bul |
| #20 | Dr. Solomon's | 1998-06-03 | 1998-07-20 | any Win32 | Trojan horse mails encrypted password file | Dialup Data Networking | bul |

Most recently updated 1999-10-01