Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint DVLabs researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by ZDI researchers. A list of published advisories discovered through the Zero Day Initiative extended research network is available from:

http://www.zerodayinitiative.com/advisories/published

HP Data Protector Server Cell Manager Remote Code Execution Vulnerability: Severity: High; TPTI-10-01; Published On: 2010-01-21; Discovered By: Aaron Portnoy Reported On: 2007-07-09 (927 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector Server. Authentication is not required to exploit this vulnerability.
HP OpenView Data Protector Cell Manager Heap Overflow Vulnerability: Severity: High; TPTI-09-15; Published On: 2009-12-17; Discovered By: Pedram Amini Reported On: 2006-10-10 (1164 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Data Protector. Authentication is not required to exploit this vulnerability.
HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability: Severity: High; TPTI-09-14; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-08-06 (125 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability: Severity: High; TPTI-09-13; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-23 (139 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability: Severity: High; TPTI-09-12; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-21 (141 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM OvWebHelp.exe CGI Topic Heap Overflow Vulnerability: Severity: High; TPTI-09-11; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-20 (142 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability: Severity: High; TPTI-09-10; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-16 (146 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability: Severity: High; TPTI-09-09; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-16 (146 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability: Severity: High; TPTI-09-08; Published On: 2009-12-09; Discovered By: Aaron Portnoy Reported On: 2009-07-13 (149 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
Microsoft Windows License Logging Service Heap Corruption Vulnerability: Severity: High; TPTI-09-07; Published On: 2009-11-10; Discovered By: Cody Pierce Reported On: 2009-06-15 (148 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required on certain configurations to exploit this vulnerability.
Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability: Severity: Medium; TPTI-09-06; Published On: 2009-08-11; Discovered By: Cody Pierce Reported On: 2009-05-11 (92 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Valid user credentials are required to exploit this vulnerability.
Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability: Severity: High; TPTI-09-05; Published On: 2009-07-14; Discovered By: Aaron Portnoy Reported On: 2009-06-17 (27 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file.
Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability: Severity: High; TPTI-09-04; Published On: 2009-06-02; Discovered By: Rob King Reported On: 2009-05-06 (27 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Terminal. User interaction is required to exploit this vulnerability in that the target must visit a malicious page
Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities: Severity: High; TPTI-09-03; Published On: 2009-06-02; Discovered By: Rob King Reported On: 2009-04-09 (54 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iTunes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow Vulnerability: Severity: High; TPTI-09-02; Published On: 2009-04-06; Discovered By: Aaron Portnoy Reported On: 2009-02-16 (49 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file.
VMWare VMnc Codec Invalid RFB Message Type Heap Overflow Vulnerability: Severity: High; TPTI-09-01; Published On: 2009-04-06; Discovered By: Aaron Portnoy Reported On: 2009-02-13 (52 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file.
Microsoft Office RTF \stylesheet Control Word Buffer Overflow Vulnerability: Severity: High; TPTI-08-09; Published On: 2008-12-09; Discovered By: Aaron Portnoy Reported On: 2008-07-08 (154 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Microsoft products. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file or e-mail message.
Microsoft Office RTF \dpendgroup Control Word Buffer Overflow Vulnerability: Severity: High; TPTI-08-08; Published On: 2008-12-09; Discovered By: Aaron Portnoy Reported On: 2008-07-08 (154 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Microsoft products. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file or e-mail message.
Microsoft Windows Message Queuing Service Memory Corruption Vulnerability: Severity: Medium; TPTI-08-07; Published On: 2008-10-14; Discovered By: Cody Pierce, Aaron Portnoy Reported On: 2007-11-14 (335 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows 2000 running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability.
Landesk QIP Server Service Heal Packet Buffer Overflow Vulnerability: Severity: High; TPTI-08-06; Published On: 2008-09-15; Discovered By: Aaron Portnoy Reported On: 2008-09-03 (12 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. Authentication is not required to exploit this vulnerability.
CA ETrust Secure Content Manager Gateway FTP Listing Display Stack Overflow Vulnerability: Severity: High; TPTI-08-05; Published On: 2008-06-04; Discovered By: Cody Pierce Reported On: 2008-05-19 (16 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability.
Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability: Severity: High; TPTI-08-04; Published On: 2008-05-13; Discovered By: Aaron Portnoy Reported On: 2008-04-19 (24 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects.
Microsoft Excel Rich Text Memory Corruption Vulnerability: Severity: High; TPTI-08-03; Published On: 2008-03-11; Discovered By: Cody Pierce Reported On: 2007-10-17 (146 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
Cisco Call Manager CTLProvider Heap Overflow Vulnerability: Severity: High; TPTI-08-02; Published On: 2008-01-16; Discovered By: Cody Pierce Reported On: 2007-06-04 (226 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability.
Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability: Severity: High; TPTI-08-01; Published On: 2008-01-15; Discovered By: Cody Pierce Reported On: 2007-10-19 (88 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
Adobe Flash Player JPG Processing Heap Overflow Vulnerability: Severity: High; TPTI-07-21; Published On: 2007-12-19; Discovered By: Aaron Portnoy Reported On: 2007-11-02 (47 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Apple Quicktime Movie Stack Overflow Vulnerability: Severity: High; TPTI-07-20; Published On: 2007-11-14; Discovered By: Cody Pierce Reported On: 2007-10-19 (26 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple software. User interaction is required to exploit this vulnerability.
CA Multiple Product DBASVR RPC Server Pointer Arithmetic Vulnerablities: Severity: High; TPTI-07-19; Published On: 2007-10-16; Discovered By: Pedram Amini Reported On: 2006-11-01 (349 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit these vulnerabilities and both client and servers are affected.
EMC RepliStor Server Heap Overflow Vulnerability: Severity: High; TPTI-07-18; Published On: 2007-10-10; Discovered By: Aaron Portnoy Reported On: 2007-07-20 (82 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of EMC RepliStor Server. User interaction is not required to exploit this vulnerability.
CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities: Severity: High; TPTI-07-17; Published On: 2007-10-02; Discovered By: Aaron Portnoy Reported On: 2006-11-01 (335 days to patch)
These vulnerabilities allow a remote attacker to inject arbitrary SQL into the backend database on vulnerable installations of CA BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities.
CA BrightStor Hierarchical Storage Manager Buffer Overflow Vulnerabilities: Severity: High; TPTI-07-16; Published On: 2007-10-02; Discovered By: Aaron Portnoy Reported On: 2006-11-01 (335 days to patch)
These vulnerabilities allow a remote attacker to execute arbitrary code on vulnerable installations of Computer Associates' BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities.
Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability: Severity: High; TPTI-07-15; Published On: 2007-09-17; Discovered By: Ganesh Devarajan Reported On: 2007-08-20 (28 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Automated Solutions Modbus TCP Slave ActiveX Control. Authentication is not required to exploit this vulnerability.
HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities: Severity: High; TPTI-07-14; Published On: 2007-08-14; Discovered By: Pedram Amini, Cody Pierce, Aaron Portnoy Reported On: 2006-10-10 (308 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products. Authentication is not required to exploit these vulnerabilities.
Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability: Severity: High; TPTI-07-13; Published On: 2007-07-24; Discovered By: Cody Pierce Reported On: 2007-01-31 (174 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability.
Multiple Vendor Progress Server Heap Overflow Vulnerability: Severity: High; TPTI-07-12; Published On: 2007-07-12; Discovered By: Aaron Portnoy Reported On: 2007-03-14 (120 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability.
Multiple Vendor SQL fbserver 'connect' Buffer Overflow Vulnerability: Severity: High; TPTI-07-11; Published On: 2007-06-11; Discovered By: Cody Pierce Reported On: 2007-02-01 (130 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL. Authentication is not required to exploit this vulnerability.
Centennial Software XFERWAN Stack Overflow Vulnerability: Severity: High; TPTI-07-10; Published On: 2007-06-04; Discovered By: Cody Pierce Reported On: 2007-03-07 (89 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Centennial Software XFERWAN component. Authentication is not required to exploit this vulnerability.
Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability: Severity: High; TPTI-07-09; Published On: 2007-06-04; Discovered By: Pedram Amini Reported On: 2006-06-22 (347 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Business Objects Crystal Reports. Exploitation requires the target to visit a malicious web site.
Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability: Severity: High; TPTI-07-08; Published On: 2007-06-04; Discovered By: Aaron Portnoy Reported On: 2007-02-08 (116 days to patch)
This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability.
Apple QuickTime STSD Parsing Heap Overflow Vulnerability: Severity: High; TPTI-07-07; Published On: 2007-05-10; Discovered By: Ganesh Devarajan Reported On: 2006-06-16 (328 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption Vulnerability: Severity: High; TPTI-07-06; Published On: 2007-05-02; Discovered By: Pedram Amini Reported On: 2007-02-15 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability.
IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities: Severity: High; TPTI-07-05; Published On: 2007-05-02; Discovered By: Aaron Portnoy Reported On: 2006-12-18 (135 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Tivoli Provisioning Manager for OS Deployment. Authentication is not required to exploit this vulnerability.
LANDesk Management Suite Alert Service Stack Overflow Vulnerability: Severity: High; TPTI-07-04; Published On: 2007-04-13; Discovered By: Aaron Portnoy Reported On: 2007-03-08 (36 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. User interaction is not required to exploit this vulnerability.
America Online SuperBuddy ActiveX Control Code Execution Vulnerability: Severity: High; TPTI-07-03; Published On: 2007-03-30; Discovered By: Cody Pierce Reported On: 2006-07-18 (255 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities: Severity: High; TPTI-07-02; Published On: 2007-02-20; Discovered By: Pedram Amini Reported On: 2007-02-01 (19 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities.
Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities: Severity: High; TPTI-07-01; Published On: 2007-02-20; Discovered By: Pedram Amini Reported On: 2007-01-19 (32 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities.
Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability: Severity: High; TPTI-06-15; Published On: 2006-12-06; Discovered By: Aaron Portnoy Reported On: 2006-09-19 (78 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server Client for Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-14; Published On: 2006-12-04; Discovered By: TippingPoint Security Research Team Reported On: 2006-05-09 (209 days to patch)
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities.
HP OpenView Client Configuration Manager Device Code Execution Vulnerability: Severity: High; TPTI-06-13; Published On: 2006-11-08; Discovered By: Pedram Amini Reported On: 2006-10-10 (29 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuraton Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected.
CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability: Severity: High; TPTI-06-12; Published On: 2006-10-05; Discovered By: Pedram Amini Reported On: 2006-04-27 (161 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserver Backup. Authentication is not required exploit this vulnerability and both the client and server are affected.
CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-11; Published On: 2006-10-05; Discovered By: Pedram Amini Reported On: 2006-03-28 (191 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability and both client and servers are affected.
Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability: Severity: High; TPTI-06-10; Published On: 2006-08-08; Discovered By: Pedram Amini Reported On: 2006-02-28 (161 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.
Microsoft DirectAnimation COM Object Memory Corruption Vulnerability: Severity: High; TPTI-06-09; Published On: 2006-08-08; Discovered By: Cody Pierce Reported On: 2006-04-27 (103 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Microsoft Internet Help COM Object Memory Corruption Vulnerability: Severity: High; TPTI-06-08; Published On: 2006-08-08; Discovered By: Cody Pierce Reported On: 2006-04-27 (103 days to patch)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-07; Published On: 2006-08-08; Discovered By: Pedram Amini Reported On: 2006-05-10 (90 days to patch)
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit these vulnerabilities.
CA eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability: Severity: High; TPTI-06-06; Published On: 2006-08-07; Discovered By: Mathew Murphy Reported On: 2006-07-17 (21 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component. Successful exploitation requires that the target user browse to a malicious web page.
CA eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability: Severity: High; TPTI-06-05; Published On: 2006-08-07; Discovered By: Mathew Murphy Reported On: 2006-07-17 (21 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component. Successful exploitation requires that the target user browse to a malicious web page.
eIQnetworks ESA Topology Server Buffer Overflow Vulnerability: Severity: High; TPTI-06-04; Published On: 2006-07-25; Discovered By: Cody Pierce Reported On: 2006-05-10 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability.
eIQnetworks ESA Syslog Server Buffer Overflow Vulnerabilities: Severity: High; TPTI-06-03; Published On: 2006-07-25; Discovered By: Cody Pierce Reported On: 2006-05-10 (76 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of eIQnetworks Enterprise Security Analyzer. Authentication is not required to exploit this vulnerability.
Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability: Severity: High; TPTI-06-02; Published On: 2006-07-11; Discovered By: Pedram Amini Reported On: 2006-03-01 (132 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.
Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability: Severity: High; TPTI-06-01; Published On: 2006-03-27; Discovered By: TippingPoint Security Research Team Reported On: 2006-01-23 (63 days to patch)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup client and server installations. Authentication is not required to exploit this vulnerability.

Published Advisories

2010

2009

2008

2007

2006

Published Advisories

Upcoming Advisories

Blog Entries