Zero-day Vulnerability Database

Change view:

Zero-day vulnerabilities discovered: 11

Remote code execution in Microsoft Word
CVE-2008-4841

Stack-based buffer overflow

The vulnerability alows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to stack overflow when parsing a malicious document. A remote attacker can create a specially crafted Word file containing a malformed list structure, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Microsoft WordPad

Known/fameous malware:

Exploit: Win32/CVE-2008-4841

Remote code execution in Microsoft Windows
CVE-2008-4844

Use-after-free

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer. A remote attacker can construct a specially crafted Web page, trick the victim into viewing it, trigger memory corruption and execute arbitrary code via DSO bindings involving an XML Island,  XML DSOs, or Tabular Data Control (TDC) in a crafted HTML or XML document.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Microsoft Internet Explorer

Two remote code execution vulnerabilities in Microsoft Windows
CVE-2008-2249

Integer Overflow or Wraparound

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow when processing malformed WMF image file. By persuading the victim to open a specially crafted WMF image file containing a malformed header, a remote attacker can cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: according to reports this vulnerability was being actively exploited before Microsoft issued security patch.
i

According to Symantec first exploitation of this vulnerability was detected on 2008-10-14.

Software: Windows

Known/fameous malware:

Bloodhound.Exploit.214.

According to Symantec first exploitation of this vulnerability was detected on 2008-10-14.

Remote code execution in Microsoft Windows
CVE-2008-4250

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow during path canonicalization in Windows Server service. By sending a specially crafted RCP request, a remote attacker can cause memory corruption and execute arbitrary code with privileges of system account.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.
i

According to Symantec, first exploitation of this vulnerability was detected on 2008-02-05. The vulnerability was used by the Conficker worm.

Software: Windows

Known/fameous malware:

Trojan (Gimmiv.A) and a Trojan searching for non-patched machines on LAN (Arpoc.A)
W32.Downadup aka Conficker
W32.Downadup.B
W32.Fujacks.CE
W32.Neeris.C
W32.Wapomi.B

According to Symantec, first exploitation of this vulnerability was detected on 2008-02-05. The vulnerability was used by the Conficker worm.

Remote code execution in Microsoft Windows
CVE-2008-3704

Memory corruption

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in the Masked Edit ActiveX Control. A remote attacker can construct a specially crafted Web page, trick the victim into viewing it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Microsoft Masked Edit ActiveX Control

Remote code execution in Microsoft Word
CVE-2008-2244

Memory corruption

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when handling malformed Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

i

The vulnerability was being used in a 2008 Summer Olympics-themed attack.

Software: Microsoft Word

The vulnerability was being used in a 2008 Summer Olympics-themed attack.

Remote code execution in Microsoft Access
CVE-2008-2463

Memory corruption

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the ActiveX control for the Snapshot Viewer for Microsoft Access. A remote attacker can construct a specially crafted Web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft Office

Known/fameous malware:

JS/Exploit.CVE-2008-2463.A
Exploit kits using this vulnerability: Eleonore and Siberia.

Remote code execution in Microsoft Windows Internet Printing Service
CVE-2008-1446

Integer overflow

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow in Windows Internet Printing Protocol (IPP) implementation. By sending a specially crafted HTTP POST request, a remote authenticated attacker can cause memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

According to US CERT, the targeted attacks were spotted on May 2, 2008.

Software: Windows

According to US CERT, the targeted attacks were spotted on May 2, 2008.

Privilege escalation in Microsoft Windows
CVE-2008-1436

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.
i

The vulnerability was used in Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers on United States Defense Contractors.

Software: Windows

The vulnerability was used in Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers on United States Defense Contractors.

Remote code execution in Microsoft Jet
CVE-2007-6026

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in Jet database engine when parsing .mdb files. A remote attacker can create a specially crafted .mdb file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is publicly disclosed since 2005, however an attack vector was introduced only in 2008. The vulnerability is being actively exploited.
i

The vulnerability initially had three CVEs: CVE-2005-0944, CVE-2007-6026 and CVE-2008-1092.
The issue has been introduced on 02/17/2000. The vulnerability was handled as a non-public zero-day exploit for at least 2832 days.

Software: Microsoft Jet

Known/fameous malware:

Trojan.Acdropper.C

The vulnerability initially had three CVEs: CVE-2005-0944, CVE-2007-6026 and CVE-2008-1092.
The issue has been introduced on 02/17/2000. The vulnerability was handled as a non-public zero-day exploit for at least 2832 days.

Multiple vulnerabilities in Microsoft Excel
CVE-2008-0081

Memory corruption

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling macros in Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft Excel

Known/fameous malware:

mx97:cve-2008-0081 virus
Exploit-MSExcel.p

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.