Zero-Day Vulnerabilities

This page was built to serve as an informational archive for zero-day vulnerabilities.

Suggestions for additions to this list (past or present zero-day vulnerabilities) are always welcome just use the contact button and mail us or why not give us a call.

The following entries are active zero -day vulnerabilities (see also our patched zero-day list). They have been publicly disclosed and/or used in attacks, and do not have any published vendor-supplied patch.

To be included in this list, an exploit must fulfill the following two criteria:

1) the risk exposure through this vulnerability must be moderatly critical (ranks a 3 or higher on a 5 point scale), and

2) the impact that could be caused by a successful exploit of a vulnerability listed here is estimated as being a moderatly critical (ie. ranks a 3 or higher on a 5 point scale).

This list is in no way complete but instead focuses on those zero-day vulnerabilities most important to our users. An example might be a zero-day concerning the Windows operating system, Adobe Reader, Skype or OpenOffice.org software, the Apple iPod player or, for instance, YouTube.

CASEScontact.org advisories provide information to proactively protect systems from these flaws, while CyTRAP Labs tools help in detecting the presence of these vulnerabilities.

CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
- Currently, there are 4 zero-day alerts listed on CyTRAP Labs. -

CT110118: CASEScontact.org advisory - Microsoft Windows Media Player 2 and Media Player Classic -- zero-day exploit - stack overflow vulnerabilities may allow execution of arbitrary code
Date disclosed: 2007-12-08

Affected Systems: The vulnerability affects:
- Microsoft Media Player 2 - Version 6.4 or
- Media Player Classic (MPC) 6.4.9 MP4 2007 for Windows 2000 and Windows XP
Version 6.4 was the final version of Media Player 2, by now known as Windows Media Player. Version 6.4 was included with various version os Windows (95/98/NT/2000/XP), but was dropped in Windows Vista.
Media Player Classic 6.4. runs under GPL license and allows playing of DVDs on their machine.

Vendor: Microsoft and guliverkli
Date patched: Not patched, yet
Status: Not patched
Days of exposure: 1000

CT110114: CASEScontact.org - Adobe Acrobat, Reader and Foxit reader - PATCH AVAILABLE for zero-day exploit for ADOBE ONLY at this time - pdf rendering vulnerability
Date disclosed: 2007-09-21

Affected Systems: Vulnerability affects:
- Adobe Acrobat and Adobe Reader or
- Foxit Reader for Windows with the following operating systems:
- Windows XP
Vulnerability was reported to be tested using the English version of a fully patched Windows XP SP2 operating system.
Download a video here:

Adobe Acrobat and Adobe Reader - video demonstrating part of the vulnerability

Vendor: Adobe and Foxit Software Company
Date patched: Not patched, yet
Status: Not patched
Patch Info: 2007-10-23- Adobe has issued a patch for this vulnerability (Click on link - Login as guest - click on this link again and you get defintion - fast and easy) you can get more info here:
- Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat and
- Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat
Keep yourself posted by checking:
- CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive AND BEST sign up for CyTRAP Labs zero-day exploit advisories NOW right here (click on link below),
- Sign-up for zero-day alerts
Please keep in mind that there is no patch available at this time regarding this problem for FoxitReader, wee keep you posted.

If you want to know how you can check what version of Adobe Reader or Adobe Acrobat is running on your machine and getting the latest update fast and easy, see here:
CyTRAP Labs advisory - time to update your Adobe Reader

Please do this right now to protect yourself.

Foxit Software Company - Foxit PDF Reader
- 2007-10-23 - CyTRAP Labs inquires about when patch will be released
- 2007-10-25 - Foxit Software Company advises CyTRAP Labs that it plans to release a security patch for this vulnerability sometime during November 2007. We keep you posted
  
  Days of exposure: 1080
- CT110102: Adobe Photoshop and Corel Paint Shop - zero-day - buffer overflow - file handling client side code execution vulnerability
  Date disclosed: 2007-04-27
  
  Affected Systems: Vulnerability affects:
  - Adobe Photoshop and
  - Corel Paint Shop
  Vulnerability was tested using the French and English version of a fully patched Windows XP SP2 operating system.
  Vendor: Adobe and Corel
  Date patched: Not patched, yet
  Status: Not patched
  Patch Info: Neither Adobe nor Corel have issued a patch for this vulnerability.
  Days of exposure: 1223
- CT110090: CASEScontact.org advisory - Windows Vista zero-day vulnerability #2 - speech recognition for remote exploits
  Date disclosed: 2007-01-31
  
  Affected Systems: Vulnerability has been reported with:
  - Microsoft Windows Vista
  Vendor: Microsoft
  Date patched: Not patched, yet
  Status: Not patched
  Days of exposure: 1311

	Advisories (archive) Complete list of Threat Advisories and Security Tips
	Prevention (archive) Tools & Training
	Security Concepts Help in understanding the concepts
	Services All our sites and service at a glance
Powered by: CyTRAP.eu Our Partners:

CASESContact.org

Advisories (archive)

Prevention (archive)

Security Concepts

Services

Zero-Day Vulnerabilities

:: Search ::

:: Home Delivery ::

more »

:: CyTRAP Labs ::

CyTRAP Labs »

:: JS Feeds ::

JS Feeds »

:: Risk Level ::

more »

:: Refer to a Friend ::

here »