The table below shows the timeline of "remote code execution" bugs in Internet Explorer.
The leftmost column shows the month of the year. The timeline begins in 2003 since some of the bugs fixed in 2004 were discovered in 2003. The yellow and red lines show the lifespan of the bugs. The line begins when the bug is published and ends when the patch is available. Yellow lines show the bugs discovered and published by security researchers. Red lines mean that a virus or a worm exploiting the bug was found "in the wild".
We can see that IE didn't get a clean start in 2004. There were two known unpatched scripting bugs discovered by Liu Die Yu in November 2003 and the GIF double free vulnerability discovered in September 2003. It didn't get much better. Actually there was only one period in 2004 when there were no publicly known remote code execution bugs - between the 12th and the 19th of October - 7 days in total. That means that a fully patched Internet Explorer installation was known to be unsafe for 98% of 2004. And for 200 days (that is 54% of the time) in 2004 there was a worm or virus in the wild exploiting one of those unpatched vulnerabilities.
IE ended 2004 with the unpatched HTML Help ActiveX control vulnerability and Trojan.Phel using it to install a backdoor.
| Month | Date | Event |
|---|---|---|
| Year 2003 | 2 Sep | Marc Ruef notices and Tim |
| | 25 Nov | Liu Die Yu discloses BackToFramedJpu (CVE CAN-2003-1026) and HijackClickv2 (CVE CAN-2003-1027) |
| January | | |
| February | 2 Feb | MS04-004 fixes BackToFramedJpu (CVE CAN-2003-1026) and HijackClickv2 (CVE CAN-2003-1027) |
| | 13 Feb | Thor Larholm describes CHM vulnerability (CAN-2004-0380) seen in the wild. Also published by K-Otik on 19 Feb. |
| March | | |
| April | | |
| | 13 Apr | MS04-013 fixes CHM vulnerability (CAN-2004-0380) |
| | 25 Apr | Rodrigo Gutierrez discloses Long Share Name Overflow vulnerability (CAN-2004-0214) |
| May | | |
| | 14 May | Modal Dialog Zone Bypass vulnerability (CAN-2004-0549) is noted by Greg Kujawa in the wild |
| June | | |
| | 6 Jun | Jelmer posts his analysis of Modal Dialog Zone Bypass vulnerability (CAN-2004-0549) |
| July | | |
| | 11 Jul | Paul (GreyHats) discloses Method Assignment vulnerability (CAN-2004-0727) and Popup.show() Mouse Event vulnerability |
| | 30 Jul | MS04-025 fixes Modal Dialog Zone Bypass vulnerability (CAN-2004-0549) and GIF double free vulnerability (CAN-2003-1048) |
| August | | |
| | 18 Aug 2004 | http-equiv discloses Drag and Drop vulnerability (CAN-2004-0839) |
| September | | |
| | 7 Sep | An exploit using Method Assignment vulnerability (CAN-2004-0727), Popup.show() Mouse Event Hijacking vulnerability (CAN-2004-0841) and Drag and Drop vulnerability (CAN-2004-0839) is spotted in the wild by Martin Stricker |
| October | | |
| | 12 Oct | MS04-037 fixes Long Share Name Overflow vulnerability (CAN-2004-0214). MS04-038 fixes Method Assignment vulnerability (CAN-2004-0727), Popup.show() Mouse Event Hijacking vulnerability (CAN-2004-0841) and Drag and Drop vulnerability (CAN-2004-0839) |
| | 19 Oct | http-equiv discloses HTML Help ActiveX control Cross Domain Vulnerability (CAN-2004-1043) |
| | 25 Oct | Ned (felinemenace.org) discovers IFRAME buffer overflow (CAN-2004-1050) using Michal Zalewski's mangleme program |
| November | | |
| | 8 Nov | Bofra worm exploiting IFRAME buffer overflow (CAN-2004-1050) is discovered in the wild |
| December | 1 Dec | MS04-040 fixes IFRAME buffer overflow (CAN-2004-1050) |
| | 21 Dec | Paul (GreyHats) and Michael Evanchik demonstrate a fully automated exploit using HTML Help ActiveX control Cross Domain Vulnerability (CAN-2004-1043) |
| | 27 Dec | Symantec discovers a trojan exploiting HTML Help ActiveX control Cross Domain Vulnerability (CAN-2004-1043) in the wild. |
| January 2005 | | |
| | 11 Jan 2005 | MS05-001 partially fixes HTML Help ActiveX control Cross Domain Vulnerability (CAN-2004-1043) by disallowing access to HTML Help ActiveX control from Internet zone. According to Valentin Avram the vulnerability remains remotely exploitable on Windows XP Service Pack 1 or Windows 2000 Service Pack 4, fully patched up-to-date (MS05-001 included). |
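
The exposure figures quoted in the text can be recomputed from the table's dates by merging the per-bug lifespans into one timeline. The following is an added example, not part of the original page; the function names are its own, and it assumes half-open intervals (the patch day counts as patched), 2 Sep 2003 as the GIF double free publication date, and the HTML Help ActiveX control bug as still open at the end of 2004.

```python
from datetime import date

# (bug, publicly known, first seen in the wild, patched); None = not applicable
# or still open. Dates are read off the table above.
BUGS = [
    ("GIF double free", date(2003, 9, 2), None, date(2004, 7, 30)),
    ("BackToFramedJpu / HijackClickv2", date(2003, 11, 25), None, date(2004, 2, 2)),
    ("CHM", date(2004, 2, 13), date(2004, 2, 13), date(2004, 4, 13)),
    ("Long Share Name Overflow", date(2004, 4, 25), None, date(2004, 10, 12)),
    ("Modal Dialog Zone Bypass", date(2004, 5, 14), date(2004, 5, 14), date(2004, 7, 30)),
    ("Method Assignment / Popup.show()", date(2004, 7, 11), date(2004, 9, 7), date(2004, 10, 12)),
    ("Drag and Drop", date(2004, 8, 18), date(2004, 9, 7), date(2004, 10, 12)),
    ("HTML Help ActiveX control", date(2004, 10, 19), date(2004, 12, 27), None),
    ("IFRAME buffer overflow", date(2004, 10, 25), date(2004, 11, 8), date(2004, 12, 1)),
]
YEAR = (date(2004, 1, 1), date(2005, 1, 1))  # half-open: [start, end)

def merge(intervals, window=YEAR):
    """Clip [start, end) intervals to the window and merge the overlaps."""
    lo, hi = window
    merged = []
    for s, e in sorted((max(s, lo), min(e or hi, hi)) for s, e in intervals):
        if s >= e:
            continue  # falls entirely outside the window
        if merged and s <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], e)
        else:
            merged.append([s, e])
    return merged

def covered_days(intervals, window=YEAR):
    """Number of days in the window on which at least one interval is open."""
    return sum((e - s).days for s, e in merge(intervals, window))

def gaps(intervals, window=YEAR):
    """Stretches of the window during which no interval is open."""
    out, cursor = [], window[0]
    for s, e in merge(intervals, window):
        if s > cursor:
            out.append((cursor, s))
        cursor = e
    if cursor < window[1]:
        out.append((cursor, window[1]))
    return out

KNOWN = [(pub, fix) for _, pub, _, fix in BUGS]          # published -> patched
WILD = [(wild, fix) for _, _, wild, fix in BUGS if wild]  # exploited -> patched

if __name__ == "__main__":
    total = (YEAR[1] - YEAR[0]).days  # 366, 2004 is a leap year
    print("unpatched:", covered_days(KNOWN), "of", total, "days")
    print("clean windows:", gaps(KNOWN))
    print("in the wild:", covered_days(WILD), "of", total, "days")
```

With these dates the merge yields 359 unpatched days out of 366, a single clean window from 12 to 19 October, and 200 days of in-the-wild exploitation, which agrees with the figures in the text.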