Upcoming Advisories

The following is a list of vulnerabilities discovered by TippingPoint DVLabs researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. A list of published advisories discovered through the Zero Day Initiative extended research network is available from:

http://www.zerodayinitiative.com/advisories/upcoming

Microsoft

Reported on: 2009-05-11

Severity: Medium

Discovered by: Cody Pierce

53 days since report
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.

Sophos

Reported on: 2009-04-01

Severity: Medium

Discovered by: Cody Pierce

93 days since report
This vulnerability allows local attackers to execute arbitrary code under the context of the kernel on vulnerable installations of Sophos software.

Oracle

Reported on: 2009-03-13

Severity: High

Discovered by: Cody Pierce

112 days since report
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle software. Authentication is not required to exploit this vulnerability.

Microsoft

Reported on: 2008-08-12

Severity: High

Discovered by: Ganesh Devarajan

325 days since report
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Hewlett-Packard

Reported on: 2007-07-09

Severity: High

Discovered by: Aaron Portnoy

725 days since report
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard software. User interaction is not required to exploit this vulnerability.

Hewlett-Packard

Reported on: 2006-10-10

Severity: High

Discovered by: Pedram Amini

997 days since report
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView software. Authentication is not required to exploit this vulnerability.

Published Advisories

TPTI-09-04: Apple

• published 2009-06-02

TPTI-09-03: Apple

• published 2009-06-02

TPTI-09-01: VMWare

• published 2009-04-06

TPTI-09-02: VMWare

• published 2009-04-06

TPTI-08-08: Microsoft

• published 2008-12-09

Upcoming Advisories

Microsoft

• reported 2009-05-11

Sophos

• reported 2009-04-01

Oracle

• reported 2009-03-13

Microsoft

• reported 2008-08-12

Hewlett-Packard

• reported 2007-07-09

Blog Entries

Exploiting MS Advisory 971778 - QuickTime DirectShow Vulnerability

• 2009-06-30 by Aaron Portnoy
• (3 Comments)

What's Worse Than Finding a Bug in Your Apple?

• 2009-06-05 by Rob King
• (2 Comments)

The iPhone 3.0 Conundrum

• 2009-06-04 by Cameron Hotchkies
• (0 Comments)

Authoring a Technical Book

• 2009-06-03 by Pedram Amini
• (2 Comments)

MindshaRE: Finding ActiveX Methods Dynamically

• 2009-06-01 by Cody Pierce
• (5 Comments)