Major and Publicly Disclosed Zero-Days
|
VUPEN Public Zero-Day Monitor is a comprehensive resource for up-to-date information on the latest public zero-day threats, risks and vulnerabilities. Please send your comments to : team@vupen.com
|
Oracle Database TNS Listener Remote Poison Attack Vulnerability |
A vulnerability has been identified in Oracle Database, which could be exploited by remote unauthenticated attackers to bypass restrictions and gain unauthorized access.
Rated as : Critical  |
Disclosure Date : 2012-04-30 -> 17 Days of Exposure |
|
|
|
Microsoft .NET Runtime Optimization Service Local Privilege Escalation |
A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to gain elevated privileges.
Rated as : Moderate Risk  |
Disclosure Date : 2011-03-08 -> 435 Days of Exposure |
|
|
|
Microsoft Internet Explorer Popup Window Address Bar Spoofing |
A security issue has been identified in Microsoft Internet Explorer, which could allow malicious web sites to conduct phishing attacks.
Rated as : Low Risk  |
Disclosure Date : 2011-03-07 -> 436 Days of Exposure |
|
|
|
CA Secure Content Manager "ECSQdmn.exe" Heap Overflow Vulnerability |
A vulnerability has been identified in CA Secure Content Manager, which could be exploited by remote attackers to take complete control of a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-02-08 -> 463 Days of Exposure |
|
|
|
Microsoft Exchange Server Outlook Web Access Session Hijacking |
A vulnerability has been identified in Microsoft Exchange Server, which could be exploited by attackers to manipulate or obtain certain information.
Rated as : Low Risk  |
Disclosure Date : 2010-09-14 -> 611 Days of Exposure |
|
|
|
Microsoft Windows Gzip Libraries Code Execution Vulnerability |
A vulnerability has been identified in Microsoft Windows and Windows Services for UNIX, which could be exploited by attackers to compromise a vulnerable system.
Rated as : High Risk  |
Disclosure Date : 2009-03-26 -> 1147 Days of Exposure |
|
|
|
Microsoft Web Proxy Auto-Discovery Information Disclosure Vulnerability |
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to gain knowledge of sensitive information.
Rated as : Low Risk  |
Disclosure Date : 2007-12-04 -> 1625 Days of Exposure |
|
|
|
Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow Vulnerability |
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system.
Rated as : Moderate Risk  |
Disclosure Date : 2007-09-18 -> 1703 Days of Exposure |
|
|
|
Microsoft DirectX Media SDK "SourceUrl" Remote Buffer Overflow Vulnerability |
A vulnerability has been identified in Microsoft DirectX Media SDK, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
Rated as : Critical  |
Disclosure Date : 2007-08-13 -> 1739 Days of Exposure |
|
|
Recently fixed zero-day vulnerabilities:
|
|
Microsoft Windows "Win32k.sys" Driver Memory Corruption Vulnerability |
A memory corruption vulnerability exists in Microsoft Windows when processing certain data via the "Win32k.sys" kernel mode driver.
Rated as : Critical  |
Disclosure Date : 2011-12-18 -> 58 Days of Exposure |
|
|
|
Adobe Acrobat and Reader PDF U3D and PRC Code Execution (0day) |
Two vulnerabilities have been identified in Adobe Acrobat and Reader, which could be exploited by attackers to compromise a vulnerable system via a specially crafted PDF document as exploited in the wild in targeted attacks.
Rated as : Critical  |
Disclosure Date : 2011-12-06 -> 37 Days of Exposure |
|
|
|
Microsoft Windows TrueType Font Parsing Code Execution Vulnerability |
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to compromise a vulnerable system via a specially crafted web page or Office document as exploited in the wild by the Duqu malware.
Rated as : Critical  |
Disclosure Date : 2011-11-02 -> 42 Days of Exposure |
|
|
|
Opera Browser SVG Data Processing Remote Code Execution |
A vulnerability has been identified in Opera, which could be exploited by attackers to compromise a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-10-14 -> 5 Days of Exposure |
|
|
|
BlackBerry Smartphones Browser WebKit Style Handling Memory Corruption |
A vulnerability has been identified in various BlackBerry smartphones, which could be exploited by attackers to compromise a vulnerable smartphone.
Rated as : Critical  |
Disclosure Date : 2011-03-15 -> 209 Days of Exposure |
|
|
|
Apache HTTP Server Range Header Remote Denial of Service Vulnerability |
A vulnerability has been identified in Apache HTTP Server, which could be exploited by remote attackers to cause a denial of service.
Rated as : Moderate Risk  |
Disclosure Date : 2011-08-24 -> 6 Days of Exposure |
|
|
|
Apple iPhone / iPad / iPod Remote Code Execution and Sandbox Bypass |
Two vulnerabilities have been identified in Apple iOS for iPhone, iPad and iPod, which could be exploited by remote attackers to take complete control of a vulnerable device.
Rated as : Critical  |
Disclosure Date : 2011-07-07 -> 9 Days of Exposure |
|
|
|
HP Data Protector Manager and Client Code Execution Vulnerabilities |
Multiple vulnerabilities have been identified in HP Data Protector, which could be exploited by remote attackers to compromise a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-02-08 -> 76 Days of Exposure |
|
|
|
Adobe Acrobat and Reader "authplay.dll" Code Execution Vulnerability |
A vulnerability has been identified in Adobe Acrobat and Reader, which could be exploited by remote attackers to execute arbitrary code.
Rated as : Critical  |
Disclosure Date : 2011-04-12 -> 9 Days of Exposure |
|
|
|
Adobe Flash Player Content Processing Code Execution Vulnerability |
A vulnerability has been identified in Adobe Flash Player, which could be exploited by remote attackers to execute arbitrary code.
Rated as : Critical  |
Disclosure Date : 2011-04-12 -> 3 Days of Exposure |
|
|
|
Microsoft WMI Administrative Tools Remote Code Execution (MS11-027) |
A vulnerability has been identified in Microsoft WMI Administrative Tools, which could be exploited by remote attackers to compromise a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2010-12-22 -> 110 Days of Exposure |
|
|
|
Microsoft Windows Fax Cover Page Editor Code Execution (MS11-024) |
Two vulnerabilities have been identified in Microsoft Windows, which could be exploited by attackers to execute arbitrary code.
Rated as : High Risk  |
Disclosure Date : 2010-12-27 -> 105 Days of Exposure |
|
|
|
Microsoft Internet Explorer Memory References Use-after-free (MS11-018) |
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-01-05 -> 96 Days of Exposure |
|
|
|
Microsoft Windows MHTML Remote Information Disclosure (MS11-026) |
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to gain knowledge of sensitive information.
Rated as : Low Risk  |
Disclosure Date : 2011-01-29 -> 72 Days of Exposure |
|
|
|
Microsoft Office Excel Document Parsing Code Execution (MS11-021) |
Multiple vulnerabilities have been identified in Microsoft Office Excel, which could be exploited by attackers to compromise a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-02-08 -> 62 Days of Exposure |
|
|
|
Microsoft Office PowerPoint OfficeArt Atom Code Execution (MS11-022) |
A vulnerability has been identified in Microsoft Office PowerPoint, which could be exploited by attackers to compromise a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-02-08 -> 62 Days of Exposure |
|
|
|
Microsoft Windows SMB "mrxsmb.sys" Remote Heap Overflow (MS11-019) |
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers or malicious users to cause a denial of service or take complete control of a vulnerable system.
Rated as : Critical  |
Disclosure Date : 2011-02-15 -> 55 Days of Exposure |
|
|
|
Adobe Flash Player Content Processing Code Execution Vulnerability |
A vulnerability has been identified in Adobe Flash Player, which could be exploited by remote attackers to execute arbitrary code.
Rated as : Critical  |
Disclosure Date : 2011-03-15 -> 7 Days of Exposure |
|
|
|
Adobe Acrobat and Reader "authplay.dll" Code Execution Vulnerability |
A vulnerability has been identified in Adobe Acrobat and Reader, which could be exploited by remote attackers to execute arbitrary code.
Rated as : Critical  |
Disclosure Date : 2011-03-15 -> 7 Days of Exposure |
|
|
|
Microsoft Windows "EnableEudc()" Local Buffer Overflow (MS11-011) |
A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to take complete control of a vulnerable system.
Rated as : Moderate Risk  |
Disclosure Date : 2010-11-24 -> 76 Days of Exposure |
|
|
|
Monthly Statistics
VUPEN Security Advisories By Criticality: May 2012
Critical Risk : 67%
High Risk : 0%
Moderate Risk : 30%
Low Risk : 3%