Home Blog Papers Advisories Alerts Tools Services About eEye.com
eEye Digital Security
Blog PostsBlog Posts
Aug 29
MS07-046 Update Jul 18
Free ePO Vulnerability Scanner May 17
BrightStor Code Execution Zero-Day, BootRoot, & Versa Apr 13
Zero-Day Alert: Microsoft DNS RPC
Published AdvisoriesPublished Advisories
Severity: HIGHOct 11
CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference

Severity: HIGHSep 10
Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

Severity: HIGHAug 14
Windows Metafile AttemptWrite Heap Overflow

Upcoming AdvisoriesUpcoming Advisories
Severity: HIGHOct 24
BitDefender

Severity: HIGHOct 3
CA BrightStor Arcserve Backup Server Service Disruption

Severity: HIGHSep 28
Multiple Media Player Multiple Code Execution Vulnerabilities

eEye Research Logo Sign Up for Vulnerability Assessment News

Zero-Day TrackerRSS Feed

Welcome to eEye Research Team's Zero-Day Tracker. This site was built to serve as an informational archive for zero-day vulnerabilities. Please email any questions regarding this site to skunkworks@eeye.com. Suggestions for additions to this list (past or present zero-day vulnerabilities) are always welcome.

Active Zero-Day Vulnerabilities: 4
Archived Zero-Day Vulnerabilities: 42

The following entries are active zero-day vulnerabilities. They have been publicly disclosed and/or used in attacks, and do not have any published vendor-supplied patch. eEye's Blink® software proactively protects systems from these flaws.

Macrovision secdrv.sys Local Privilege Escalation16
Days of Exposure
Vendor: Macrovision
Application: Microsoft Windows
Severity: Medium
Date Disclosed: 10/16/2007
Days of Exposure:
16 


Windows URI Protocol Handling99
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 7/25/2007
Days of Exposure:
99 


Internet Connection Sharing DoS369
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: Medium
Date Disclosed: 10/28/2006
Days of Exposure:
369 


RPC Memory Exhaustion715
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: Low
Date Disclosed: 11/16/2005
Days of Exposure:
715 



The following archived zero-day vulnerabilities have been patched by the vendor. At the time of disclosure, these entries were made public and/or used in active attacks prior to the release of a patch. eEye's Blink® software proactively protects systems from these flaws, and eEye's Retina® software scans systems to detect for the presence of these flaws.

RealNetworks RealPlayer ierpplug.dll Remote Code Execution1
Day of Exposure
Vendor: RealNetworks
Application: RealPlayer
Severity: High
Date Disclosed: 10/19/2007
Date Patched: 10/20/2007
Days of Exposure:
1 


MSN Messenger Video Conversation Heap Overflow0
Days of Exposure
Vendor: Microsoft
Application: MSN Messenger
Severity: High
Date Disclosed: 1/31/2007
Date Patched: 1/31/2007
Days of Exposure:
0 


Yahoo! Messenger Webcam Heap Overflow9
Days of Exposure
Vendor: Yahoo!, Inc
Application: Yahoo! Messenger
Severity: High
Date Disclosed: 8/12/2007
Date Patched: 8/21/2007
Days of Exposure:
9 


Yahoo! Webcam ActiveX1
Day of Exposure
Vendor: Yahoo!, Inc
Application: Yahoo! Messenger
Severity: High
Date Disclosed: 6/6/2007
Date Patched: 6/7/2007
Days of Exposure:
1 


Multiple BrightStor Backup RPC Vulnerabilities148
Days of Exposure
Vendor: Computer Associates
Application: BrightStor Backup
Severity: High
Date Disclosed: 5/16/2007
Date Patched: 10/11/2007
Days of Exposure:
148 


Winamp .MP4 Code Execution4
Days of Exposure
Vendor: AOL Music
Application: Winamp
Severity: High
Date Disclosed: 4/30/2007
Date Patched: 5/4/2007
Days of Exposure:
4 


Microsoft DNS RPC Buffer Overflow31
Days of Exposure
Vendor: Microsoft
Application: Windows With DNS Server Service Running
Severity: High
Date Disclosed: 4/7/2007
Date Patched: 5/8/2007
Days of Exposure:
31 


Brightstor Backup Mediasvr.exe RPC 19126
Days of Exposure
Vendor: Computer Associates
Application: BrightStor
Severity: High
Date Disclosed: 3/29/2007
Date Patched: 4/24/2007
Days of Exposure:
26 


Windows .ANI Processing6
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: High
Date Disclosed: 3/28/2007
Date Patched: 4/3/2007
Days of Exposure:
6 


Sun Solaris Telnet Bypass2
Days of Exposure
Vendor: Sun
Application: Solaris
Severity: High
Date Disclosed: 2/12/2007
Date Patched: 2/14/2007
Days of Exposure:
2 


Word Unspecified Exploit(4)88
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: Medium
Date Disclosed: 2/9/2007
Date Patched: 5/8/2007
Days of Exposure:
88 


Office Unspecified Exploit15
Days of Exposure
Vendor: Microsoft
Application: Office
Severity: High
Date Disclosed: 2/2/2007
Date Patched: 2/17/2007
Days of Exposure:
15 


Word Unspecified Exploit(3)19
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: High
Date Disclosed: 1/25/2007
Date Patched: 2/13/2007
Days of Exposure:
19 


Apple QuickTime RTSP URL Buffer Overflow22
Days of Exposure
Vendor: Apple
Application: QuickTime
Severity: High
Date Disclosed: Jan 1, 2007
Date Patched: Jan 23, 2007
Days of Exposure:
22 


Windows MessageBox / NtRaiseHardError116
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: Medium
Date Disclosed: 12/15/2006
Date Patched: 4/10/2007
Days of Exposure:
116 


Word 12122006-djtest.doc67
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: Critical
Date Disclosed: 12/12/2006
Date Patched: 2/17/2007
Days of Exposure:
67 


Word Unspecified Exploit(2)65
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: High
Date Disclosed: 12/10/2006
Date Patched: 2/13/2007
Days of Exposure:
65 


Word Unspecified Exploit70
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: High
Date Disclosed: 12/5/2006
Date Patched: 2/13/2007
Days of Exposure:
70 


Adobe ActiveX7
Days of Exposure
Vendor: Adobe
Application: Acrobat ActiveX
Severity: High
Date Disclosed: 11/28/2006
Date Patched: 12/5/2006
Days of Exposure:
7 


ASX Playlist20
Days of Exposure
Vendor: Microsoft
Application: Windows Media Player
Severity: High
Date Disclosed: 11/22/2006
Date Patched: 12/12/2006
Days of Exposure:
20 


Windows GDI Local Privilege Escalation148
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: Medium
Date Disclosed: 11/06/2006
Date Patched: 4/3/2007
Days of Exposure:
148 


XMLHTTP 4.0 ActiveX10
Days of Exposure
Vendor: Microsoft
Application: XML Core Services
Severity: High
Date Disclosed: 11/4/2006
Date Patched: 11/14/2006
Days of Exposure:
10 


ADODB.Connection ActiveX109
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 10/27/2006
Date Patched: 2/13/2007
Days of Exposure:
109 


Microsoft Office 2003 PPT Local DoS341
Days of Exposure
Vendor: Microsoft
Application: PowerPoint
Severity: Medium
Date Disclosed: 10/12/2006
Date Patched: 9/18/2007
Days of Exposure:
341 


McAfee Network Agent26
Days of Exposure
Vendor: McAfee
Application: Internet Security Suite
Severity: High
Date Disclosed: 10/12/2006
Date Patched: 11/7/2006
Days of Exposure:
26 


PowerPoint Controlppt13
Days of Exposure
Vendor: Microsoft
Application: PowerPoint
Severity: High
Date Disclosed: 9/27/2006
Date Patched: 10/10/2006
Days of Exposure:
13 


QTL Arbitrary JavaScript Execution363
Days of Exposure
Vendor: Apple
Application: Quicktime
Severity: High
Date Disclosed: 9/20/2006
Date Patched: 9/18/2007
Days of Exposure:
363 


IE VML7
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 9/19/2006
Date Patched: 9/26/2006
Days of Exposure:
7 


IE DAXCTLE.OCX KeyFrame62
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 9/13/2006
Date Patched: 11/14/2006
Days of Exposure:
62 


Word Mdropper39
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: High
Date Disclosed: 9/1/2006
Date Patched: 10/10/2006
Days of Exposure:
39 


IE DAXCTLE.OCX Spline78
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 8/28/2006
Date Patched: 11/14/2006
Days of Exposure:
78 


WMI Object Broker ActiveX124
Days of Exposure
Vendor: Microsoft
Application: Visual Studio 2005
Severity: High
Date Disclosed: 08/10/2006
Date Patched: 12/12/2006
Days of Exposure:
124 


Server NETAPI320
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: High
Date Disclosed: 8/8/2006
Date Patched: 8/8/2006
Days of Exposure:
0 


IE setSlice()84
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 7/18/2006
Date Patched: 10/10/2006
Days of Exposure:
84 


PowerPoint PPDropper27
Days of Exposure
Vendor: Microsoft
Application: PowerPoint
Severity: High
Date Disclosed: 7/12/2006
Date Patched: 8/8/2006
Days of Exposure:
27 


Excel nanika.xls118
Days of Exposure
Vendor: Microsoft
Application: Excel
Severity: High
Date Disclosed: 6/14/2006
Date Patched: 10/10/2006
Days of Exposure:
118 


Word2003 Ginwui26
Days of Exposure
Vendor: Microsoft
Application: Word
Severity: High
Date Disclosed: 5/18/2006
Date Patched: 6/13/2006
Days of Exposure:
26 


IE createTextRange()20
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 3/22/2006
Date Patched: 4/11/2006
Days of Exposure:
20 


WMF Metafile9
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: High
Date Disclosed: 12/27/2005
Date Patched: 1/5/2006
Days of Exposure:
9 


IE JAVAPRXY.DLL13
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 6/29/2005
Date Patched: 7/12/2005
Days of Exposure:
13 


IE window()196
Days of Exposure
Vendor: Microsoft
Application: Internet Explorer
Severity: High
Date Disclosed: 5/31/2005
Date Patched: 12/13/2005
Days of Exposure:
196 


NTDLL "IIS WebDAV"37
Days of Exposure
Vendor: Microsoft
Application: Windows
Severity: High
Date Disclosed: 3/17/2003
Date Patched: 4/23/2003
Days of Exposure:
37 
 Privacy l Legal
Copyright © 1998-2007 eEye Digital Security