Why this page ?
This page is a list of vulnerabilities that remain unpatched, it is our hope that the increased awareness brought forth may help further the research necessary to properly secure them.
Vulnerabilities listed on this page work (among others) with the latest versions of Internet Explorer, with all patches installed.
Until proper patches have been provided, the only fix to some of these vulnerabilities is to disable scripting.
This page is, and always will be, a work in progress. This is not a definitive list of vulnerabilities.
11 September 2003: There are currently 31 unpatched vulnerabilities.
The latest cumulative Internet Explorer patch
is released August 20, 2003 with the identifier MS03-032.
Cumulative patches combine all previous IE patches, and should be considered mandatory installs.
11 September 2003: Added Media bar ressource injection by jelmer
10 September 2003: Added file-protocol proxy by Liu Die Yu
10 September 2003: Added NavigateAndFind protocol history by Liu Die Yu
10 September 2003: Added window.open search injection by Liu Die Yu
10 September 2003: Added NavigateAndFind file proxy by Liu Die Yu
10 September 2003: Added Timed history injection by Liu Die Yu
10 September 2003: Added history.back method caching by Liu Die Yu
10 September 2003: Added Click hijacking by Liu Die Yu
9 September 2003: Re-added Re-evaluating HTML elavation
26 August 2003: Added ADODB.Stream local file writing by jelmer
20 August 2003: Changed latest cumulative IE patch link, MS03-032 released
5 August 2003: Added Notepad popups by Richard M. Smith
4 August 2003: Added protocol control chars by badWebMasters