Latest zero-days Total: 369, in 2017: Zero-days 34, candidates: 8

Remote code execution in Adobe Flash Player


According to Kaspersky Lab, the vulnerability has being exploited by the BlackOasis threat actor. The recent attacks leveraging today's zero-day sent malicious Office documents to victims, which came with an embedded ActiveX object that contained the Flash CVE-2017-11292 exploit.

Remote code execution in Microsoft Office

The weakness was reported to Microsoft by researchers at China-based security firm Qihoo 360. The experts said they first observed an attack exploiting this vulnerability on September 28. The attacks targeted a small number of the company’s customers and they involved malicious RTF files.

Remote code execution in Microsoft .NET Framework


The vulnerability was detected by FireEye  researchers. The attacker used Microsoft Office RTF document to leverage RCE in .NET Framework and deploy FINSPY malware. The malicious document “Проект.doc” (MD5: fe5c4d6bb78e170abf5cf3741868ea4c) had Russian name and might have been used to target a Russian speaker.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.