Upcoming Advisories

The following is a list of vulnerabilities discovered by TippingPoint DVLabs researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. A list of published advisories discovered through the Zero Day Initiative extended research network is available from:

http://www.zerodayinitiative.com/advisories/upcoming

Samba

Reported on: 2012-03-26

Severity: High

Discovered by: Brian Gorenc

51 days since report

EMC

Reported on: 2012-03-14

Severity: High

Discovered by: Aaron Portnoy

63 days since report

Novell

Reported on: 2012-03-14

Severity: High

Discovered by: Brian Gorenc

63 days since report

EMC

Reported on: 2012-02-22

Severity: High

Discovered by: Aaron Portnoy, Brandon Edwards, Logan Brown, Peter Vreugdenhil

84 days since report

EMC

Reported on: 2012-02-22

Severity: High

Discovered by: Aaron Portnoy, Brandon Edwards, Logan Brown, Peter Vreugdenhil

84 days since report

HP

Reported on: 2012-01-24

Severity: High

Discovered by: Aaron Portnoy

113 days since report

Oracle

Reported on: 2011-11-29

Severity: High

Discovered by: Brian Gorenc

169 days since report
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of an Oracle product. User interaction is required in that a target must visit a malicious page.

Novell

Reported on: 2011-05-31

Severity: High

Discovered by: Jonathan Andersson

351 days since report
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Adobe

Reported on: 2011-01-01

Severity: High

Discovered by: Logan Brown

501 days since report
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Published Advisories

TPTI-12-03: Adobe

• published 2012-04-18

TPTI-12-02: Novell

• published 2012-03-22

TPTI-12-01: Oracle

• published 2012-02-22

TPTI-11-14: Adobe

• published 2011-12-01

TPTI-11-13: McAfee

• published 2011-08-08

Upcoming Advisories

Samba

• reported 2012-03-26

EMC

• reported 2012-03-14

Novell

• reported 2012-03-14

EMC

• reported 2012-02-22

EMC

• reported 2012-02-22

Blog Entries

Thank you Aaron

• 2012-05-02 by Scott Lambert
• (0 Comments)

Announcing the IDA Toolbag

• 2012-04-04 by Aaron Portnoy
• (0 Comments)

MindshaRE: Another Approach To Tracking ReadFile

• 2012-04-02 by Brandon Edwards
• (3 Comments)

Pwn2Own Challenges: Heapsprays are for the 99%

• 2012-03-15 by Peter Vreugdenhil
• (0 Comments)

Pwn2Own 2012 and Google Pwnium

• 2012-02-29 by Zero Day Initiative
• (3 Comments)