During the last few years, a significant increase in attacks exploiting vulnerabilities in commonly used programs such as Adobe Acrobat and Reader or Microsoft Office is being observed. This is currently the primary initial infection vector used to compromise computers that have Internet access.

Although there are many ways to protect against these attacks and threats, governments and corporations need to leverage the most detailed security intelligence to evaluate and qualify risks, and protect their infrastructures and assets.

VUPEN Security provides in-depth binary analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code auditing.

Only Available for trusted organizations

Because of the sensitive nature of the information provided through this service, VUPEN Security has defined strict eligibility criteria for participants. VUPEN Security solely reserves the right to determine whether an organization or corporation meets the criteria.

Eligible organizations are:

- Trusted Security Vendors Providing Defensive Software or Hardware (Antivirus, IPS, IDS)
- Governments, Law Enforcement, and CERTs (countries members of NATO, ANZUS, ASEAN)
- Worldwide Corporations and MSSPs (Fortune 1000, Finance, Technology, Research)

               BA for Security Vendors                 BA for Corporations & MSSPs
               BA for Governments & CERTs         Receive More Information     

Why subscribe to this service?

With 20 to 25 binary analysis and private exploits/PoCs released each month, the VUPEN In-Depth Binary Analysis and Exploits service allows organizations and corporations to evaluate and qualify risks, and protect national infrastructures and corporate assets from emerging attacks.

As a subscriber, you will also have a direct access to the VUPEN Vulnerability Research Team, the most active security team in the world.

Latest Binary Analysis and Exploits/PoCs Released by VUPEN

Oracle Beehive "voice-servlet" Remote File Creation Code Execution (CVE-2010-4417) [BA/Exploit]

Novell GroupWise VCALENDAR "TZID" Variable Remote Buffer Overflow (CVE-2010-4325) [BA/Exploit]

Opera Browser HTML "select" Element Children Integer Truncation (NO-MATCH) [BA/Exploit]

Microsoft Data Access Components Remote Integer Overflow (MS11-002 / CVE-2011-0027) [BA/PoC]

HP Photo Creations "audio.Record" ActiveX Control Buffer Overflow (NO-MATCH) [BA/Exploit]

Microsoft WMI Administrative Tools Trusted Value Code Execution (CVE-2010-3973) [BA/Exploit]

Wireshark MAC-LTE Dissector "dissect_rar()" Function Buffer Overflow (CVE-2011-0444) [BA/PoC]

Wireshark "dissect_enttec_dmx_data()" Function Buffer Overflow (CVE-2010-4538) [BA/Exploit]

VLC Media Player Real Demuxer File Processing Array Indexing (CVE-2010-3907) [BA/PoC]

Microsoft Windows Graphics Rendering Engine Remote Buffer Overflow (CVE-2010-3970) [BA/Exploit]

Microsoft Windows Fax Cover Page Editor COV File Buffer Overflow (NO-MATCH) [BA/PoC]

CA XOsoft Products SOAP Request Handling Remote Buffer Overflow (CVE-2010-3984) [BA/PoC]

Microsoft Windows "EnableEudc()" Function Local Buffer Overflow (CVE-2010-4398) [BA/Exploit]

Microsoft Internet Information Services (IIS) FTP Service Buffer Overflow (NO-MATCH) [BA/PoC]

Microsoft Windows "Win32k.sys" Driver Local Memory Corruption (MS10-098 / CVE-2010-3944) [BA/PoC]