Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint DVLabs researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by ZDI researchers. A list of published advisories discovered through the Zero Day Initiative extended research network is available from:

http://www.zerodayinitiative.com/advisories/published

CA ETrust Secure Content Manager Gateway FTP Listing Display Stack Overflow Vulnerability: Severity: High; TPTI-08-05; Published On: 2008-06-04; Discovered By: Cody Pierce Reported On: 2008-05-19 (16 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability.
Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability: Severity: High; TPTI-08-04; Published On: 2008-05-13; Discovered By: Aaron Portnoy Reported On: 2008-04-19 (24 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects.
Microsoft Excel Rich Text Memory Corruption Vulnerability: Severity: High; TPTI-08-03; Published On: 2008-03-11; Discovered By: Cody Pierce Reported On: 2007-10-17 (146 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
Cisco Call Manager CTLProvider Heap Overflow Vulnerability: Severity: High; TPTI-08-02; Published On: 2008-01-16; Discovered By: Cody Pierce Reported On: 2007-06-04 (226 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability.
Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability: Severity: High; TPTI-08-01; Published On: 2008-01-15; Discovered By: Cody Pierce Reported On: 2007-10-19 (88 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
Adobe Flash Player JPG Processing Heap Overflow Vulnerability: Severity: High; TPTI-07-21; Published On: 2007-12-19; Discovered By: Aaron Portnoy Reported On: 2007-11-02 (47 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Apple Quicktime Movie Stack Overflow Vulnerability: Severity: High; TPTI-07-20; Published On: 2007-11-14; Discovered By: Cody Pierce Reported On: 2007-10-19 (26 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple software. User interaction is required to exploit this vulnerability.
CA Multiple Product DBASVR RPC Server Pointer Arithmetic Vulnerablities: Severity: High; TPTI-07-19; Published On: 2007-10-16; Discovered By: Pedram Amini Reported On: 2006-11-01 (349 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit these vulnerabilities and both client and servers are affected.
EMC RepliStor Server Heap Overflow Vulnerability: Severity: High; TPTI-07-18; Published On: 2007-10-10; Discovered By: Aaron Portnoy Reported On: 2007-07-20 (82 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of EMC RepliStor Server. User interaction is not required to exploit this vulnerability.
CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities: Severity: High; TPTI-07-17; Published On: 2007-10-02; Discovered By: Aaron Portnoy Reported On: 2006-11-01 (335 days to patch)
These vulnerabilities allow a remote attacker to inject arbitrary SQL into the backend database on vulnerable installations of CA BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities.
CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities: Severity: High; TPTI-07-16; Published On: 2007-10-02; Discovered By: Aaron Portnoy Reported On: 2006-11-01 (335 days to patch)
These vulnerabilities allow a remote attacker to execute arbitrary code on vulnerable installations of Computer Associates' BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities.
Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability: Severity: High; TPTI-07-15; Published On: 2007-09-17; Discovered By: Ganesh Devarajan Reported On: 2007-08-20 (28 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Automated Solutions Modbus TCP Slave ActiveX Control. Authentication is not required to exploit this vulnerability.
HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities: Severity: High; TPTI-07-14; Published On: 2007-08-14; Discovered By: Pedram Amini, Cody Pierce, Aaron Portnoy Reported On: 2006-10-10 (308 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products. Authentication is not required to exploit these vulnerabilities.
Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability: Severity: High; TPTI-07-13; Published On: 2007-07-24; Discovered By: Cody Pierce Reported On: 2007-01-31 (174 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability.
Multiple Vendor Progress Server Heap Overflow Vulnerability: Severity: High; TPTI-07-12; Published On: 2007-07-12; Discovered By: Aaron Portnoy Reported On: 2007-03-14 (120 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability.
Multiple Vendor SQL fbserver 'connect' Buffer Overflow Vulnerability: Severity: High; TPTI-07-11; Published On: 2007-06-11; Discovered By: Cody Pierce Reported On: 2007-02-01 (130 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL. Authentication is not required to exploit this vulnerability.
Centennial Software XFERWAN Stack Overflow Vulnerability: Severity: High; TPTI-07-10; Published On: 2007-06-04; Discovered By: Cody Pierce Reported On: 2007-03-07 (89 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Centennial Software XFERWAN component. Authentication is not required to exploit this vulnerability.
Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability: Severity: High; TPTI-07-09; Published On: 2007-06-04; Discovered By: Pedram Amini Reported On: 2006-06-22 (347 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Business Objects Crystal Reports. Exploitation requires the target to visit a malicious web site.
Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability: Severity: High; TPTI-07-08; Published On: 2007-06-04; Discovered By: Aaron Portnoy Reported On: 2007-02-08 (116 days to patch)
This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability.
Apple QuickTime STSD Parsing Heap Overflow Vulnerability: Severity: High; TPTI-07-07; Published On: 2007-05-10; Discovered By: Ganesh Devarajan Reported On: 2006-06-16 (328 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption Vulnerability: Severity: High; TPTI-07-06; Published On: 2007-05-02; Discovered By: Pedram Amini Reported On: 2007-02-15 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability.
IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities: Severity: High; TPTI-07-05; Published On: 2007-05-02; Discovered By: Aaron Portnoy Reported On: 2006-12-18 (135 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Tivoli Provisioning Manager for OS Deployment. Authentication is not required to exploit this vulnerability.
LANDesk Management Suite Alert Service Stack Overflow Vulnerability: Severity: High; TPTI-07-04; Published On: 2007-04-13; Discovered By: Aaron Portnoy Reported On: 2007-03-08 (36 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. User interaction is not required to exploit this vulnerability.
America Online SuperBuddy ActiveX Control Code Execution Vulnerability: Severity: High; TPTI-07-03; Published On: 2007-03-30; Discovered By: Cody Pierce Reported On: 2006-07-18 (255 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities: Severity: High; TPTI-07-02; Published On: 2007-02-20; Discovered By: Pedram Amini Reported On: 2007-02-01 (19 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities.
Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities: Severity: High; TPTI-07-01; Published On: 2007-02-20; Discovered By: Pedram Amini Reported On: 2007-01-19 (32 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities.
Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability: Severity: High; TPTI-06-15; Published On: 2006-12-06; Discovered By: Aaron Portnoy Reported On: 2006-09-19 (78 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server Client for Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-14; Published On: 2006-12-04; Discovered By: TippingPoint Security Research Team Reported On: 2006-05-09 (209 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities.
HP OpenView Client Configuration Manager Device Code Execution Vulnerability: Severity: High; TPTI-06-13; Published On: 2006-11-08; Discovered By: Pedram Amini Reported On: 2006-10-10 (29 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuraton Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected.
CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability: Severity: High; TPTI-06-12; Published On: 2006-10-05; Discovered By: Pedram Amini Reported On: 2006-04-27 (161 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserver Backup. Authentication is not required exploit this vulnerability and both the client and server are affected.
CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-11; Published On: 2006-10-05; Discovered By: Pedram Amini Reported On: 2006-03-28 (191 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability and both client and servers are affected.
Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability: Severity: High; TPTI-06-10; Published On: 2006-08-08; Discovered By: Pedram Amini Reported On: 2006-02-28 (161 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.
Microsoft DirectAnimation COM Object Memory Corruption Vulnerability: Severity: High; TPTI-06-09; Published On: 2006-08-08; Discovered By: Cody Pierce Reported On: 2006-04-27 (103 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Microsoft Internet Help COM Object Memory Corruption Vulnerability: Severity: High; TPTI-06-08; Published On: 2006-08-08; Discovered By: Cody Pierce Reported On: 2006-04-27 (103 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-07; Published On: 2006-08-08; Discovered By: Pedram Amini Reported On: 2006-05-10 (90 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit these vulnerabilities.
CA eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability: Severity: High; TPTI-06-06; Published On: 2006-08-07; Discovered By: Mathew Murphy Reported On: 2006-07-17 (21 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component. Successful exploitation requires that the target user browse to a malicious web page.
CA eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability: Severity: High; TPTI-06-05; Published On: 2006-08-07; Discovered By: Mathew Murphy Reported On: 2006-07-17 (21 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component. Successful exploitation requires that the target user browse to a malicious web page.
eIQnetworks ESA Topology Server Buffer Overflow Vulnerability: Severity: High; TPTI-06-04; Published On: 2006-07-25; Discovered By: Cody Pierce Reported On: 2006-05-10 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability.
eIQnetworks ESA Syslog Server Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-03; Published On: 2006-07-25; Discovered By: Cody Pierce Reported On: 2006-05-10 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability.
Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability: Severity: High; TPTI-06-02; Published On: 2006-07-11; Discovered By: Pedram Amini Reported On: 2006-03-01 (132 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.
Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability: Severity: High; TPTI-06-01; Published On: 2006-03-27; Discovered By: TippingPoint Security Research Team Reported On: 2006-01-23 (63 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup client and server installations. Authentication is not required to exploit this vulnerability.

Published Advisories

2008

2007

2006

Published Advisories

Upcoming Advisories

Blog Entries