TippingPoint Zero Day Initiative
 

Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TippingPoint Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. TippingPoint customers are additionally protected against 0day vulnerabilities discovered by our own DVLabs researchers. A list of published advisories discovered by TippingPoint's DVLabs research group is available from:


ZDI-12-074 CVE: Published: 2012-04-19
Oracle Forms Recognition CroScPlt.dll ActiveX Control Remote Code Execution Vulnerability
ZDI-12-073 CVE: Published: 2012-04-19
Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerability
ZDI-12-072 CVE: CVE-2012-1182 Published: 2012-04-18
Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability
ZDI-12-071 CVE: CVE-2012-1182 Published: 2012-04-18
Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability
ZDI-12-070 CVE: CVE-2012-1182 Published: 2012-04-18
Samba lsa_LookupNames Heap Overflow Remote Code Execution Vulnerability
ZDI-12-069 CVE: CVE-2012-1182 Published: 2012-04-18
Samba SetInfoPolicy AuditEventsInfo Remote Code Execution Vulnerability
ZDI-12-068 CVE: CVE-2012-1182 Published: 2012-04-18
Samba GetAliasMembership SidArray Remote Code Execution Vulnerability
ZDI-12-067 CVE: CVE-2012-0592 Published: 2012-04-18
WebKit.org Webkit Array.Splice Remote Code Execution Vulnerability
ZDI-12-066 CVE: Published: 2012-04-18
Internet Explorer CTagFactory Use-After-Free Remote Code Execution Vulnerability
ZDI-12-065 CVE: Published: 2012-04-18
Microsoft Internet Explorer selectAll Use-After-Free Remote Code Execution Vulnerability
ZDI-12-064 CVE: CVE-2012-1182 Published: 2012-04-18
Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability
ZDI-12-063 CVE: CVE-2012-1182 Published: 2012-04-18
Samba NDR PULL SVCCTL StartServiceW Heap Overflow Remote Code Execution Vulnerability
ZDI-12-062 CVE: CVE-2012-1182 Published: 2012-04-18
Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability
ZDI-12-061 CVE: CVE-2012-1182 Published: 2012-04-18
Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability
ZDI-12-060 CVE: CVE-2012-0498 Published: 2012-04-09
Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability
ZDI-12-059 CVE: CVE-2012-0444 Published: 2012-04-09
Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability
ZDI-12-058 CVE: CVE-2011-3460 Published: 2012-04-09
Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability
ZDI-12-057 CVE: Published: 2012-04-09
(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability
ZDI-12-056 CVE: CVE-2011-3658 Published: 2012-04-09
Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability
ZDI-12-055 CVE: CVE-2011-3928 Published: 2012-04-09
Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability
ZDI-12-054 CVE: CVE-2011-2825 Published: 2012-03-26
Webkit fontface Invalid Font Family Remote Code Execution Vulnerability
ZDI-12-053 CVE: CVE-2011-4249 Published: 2012-03-26
RealNetworks RealPlayer RV30 Sample Arbitrary Index Remote Code Execution Vulnerability
ZDI-12-052 CVE: Published: 2012-03-26
FlexNet License Server Manager lmgrd Remote Code Execution Vulnerability
ZDI-12-051 CVE: CVE-2011-4254 Published: 2012-03-22
RealNetworks RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability
ZDI-12-050 CVE: CVE-2011-4262 Published: 2012-03-22
RealNetworks RealPlayer mp4fformat rdrf Remote Code Execution Vulnerability
ZDI-12-049 CVE: CVE-2012-0927 Published: 2012-03-22
RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution
ZDI-12-048 CVE: CVE-2012-0924 Published: 2012-03-22
RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability
ZDI-12-047 CVE: CVE-2012-0754 Published: 2012-03-22
Adobe Flash ASconstructor Function Call Remote Code Execution Vulnerability
ZDI-12-046 CVE: CVE-2011-4257 Published: 2012-03-20
RealNetworks RealPlayer Cook Codec Channel Parsing Remote Code Execution Vulnerability
ZDI-12-045 CVE: Published: 2012-03-20
Oracle Java JOGL NEWT Reflection Remote Code Execution Vulnerability
ZDI-12-044 CVE: CVE-2012-0002 Published: 2012-03-15
Microsoft Remote Desktop Protocol Channel Abort Condition Remote Code Execution Vulnerability
ZDI-12-041 CVE: CVE-2011-2113 Published: 2012-03-01
Adobe Shockwave iml32.dll DEMX Remote Code Execution Vulnerability
ZDI-12-040 CVE: CVE-2012-0198 & CVE-2012-0199 Published: 2012-03-01
IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple Remote Code Execution Vulnerabilities
ZDI-12-039 CVE: Published: 2012-02-22
Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
ZDI-12-038 CVE: Published: 2012-02-22
Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability
ZDI-12-037 CVE: Published: 2012-02-22
Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability
ZDI-12-036 CVE: CVE-2012-0155 Published: 2012-02-22
Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
ZDI-12-035 CVE: CVE-2012-0011 Published: 2012-02-22
Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
ZDI-12-034 CVE: CVE-2012-0150 Published: 2012-02-22
Microsoft Windows Media Player ASX Meta-File Parsing Remote Code Execution Vulnerability
ZDI-12-033 CVE: Published: 2012-02-22
ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability
ZDI-12-032 CVE: Published: 2012-02-22
Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
ZDI-12-031 CVE: CVE-2011-4194 Published: 2012-02-08
Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
ZDI-12-030 CVE: CVE-2011-1388 Published: 2012-02-08
IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability
ZDI-12-029 CVE: CVE-2011-1391 Published: 2012-02-08
IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
ZDI-12-028 CVE: CVE-2011-1392 Published: 2012-02-08
IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities
ZDI-12-027 CVE: CVE-2012-0189 Published: 2012-02-08
IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability
ZDI-12-026 CVE: CVE-2012-0190 Published: 2012-02-08
IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability
ZDI-12-025 CVE: CVE-2012-0395 Published: 2012-02-08
EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution
ZDI-12-024 CVE: Published: 2012-02-08
Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
ZDI-12-023 CVE: Published: 2012-02-08
Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
ZDI-12-022 CVE: Published: 2012-02-08
Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
ZDI-12-021 CVE: CVE-2011-4373 Published: 2012-02-08
Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
ZDI-12-020 CVE: CVE-2012-0189 Published: 2012-01-30
IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods Remote Code Execution Vulnerability
ZDI-12-019 CVE: CVE-2012-0188 Published: 2012-01-30
IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability
ZDI-12-018 CVE: CVE-2011-3478 Published: 2012-01-25
Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
ZDI-12-017 CVE: Published: 2012-01-20
Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability
ZDI-12-016 CVE: CVE-2011-4789 Published: 2012-01-12
(0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
ZDI-12-015 CVE: CVE-2011-4788 Published: 2012-01-12
(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
ZDI-12-014 CVE: CVE-2011-4787 Published: 2012-01-12
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
ZDI-12-013 CVE: CVE-2011-4786 Published: 2012-01-12
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
ZDI-12-012 CVE: Published: 2012-01-12
(0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
ZDI-12-011 CVE: Published: 2012-01-10
Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
ZDI-12-010 CVE: Published: 2012-01-10
Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
ZDI-12-009 CVE: Published: 2012-01-10
Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
ZDI-12-008 CVE: Published: 2012-01-10
Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
ZDI-12-007 CVE: Published: 2012-01-05
Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
ZDI-12-006 CVE: Published: 2012-01-05
Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability
ZDI-12-005 CVE: CVE-2011-3248 Published: 2012-01-05
Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability
ZDI-12-004 CVE: CVE-2011-3250 Published: 2012-01-05
Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability
ZDI-12-003 CVE: CVE-2011-3166 Published: 2012-01-05
HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability
ZDI-12-002 CVE: CVE-2011-3167 Published: 2012-01-05
HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
ZDI-12-001 CVE: CVE-2011-4169 Published: 2012-01-05
HP Managed Printing Administration img_id Multiple Vulnerabilities