Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 8

Remote code execution in Microsoft Windows
CVE-2011-3402

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers. A remote attacker can create a specially crafted Word document or web page containing font data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
This vulnerability was being actively exploited by the Stuxnet in Duqu attack.

Software: Windows

Known/famous malware:

Win32/Exploit.CVE-2011-3402.G
W32.Duqu

Denial of service in Microsoft RDP
CVE-2011-1968

Denial of service

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to an error in the Remote Desktop Protocol when processing a sequence of malicious packets. A remote attacker can send specially crafted RDP packets, gain access to an object that was not properly initialized or is deleted and cause the system to stop responding and restart.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Windows

Privilege escalation in Microsoft Windows
CVE-2011-1249

Privilege escalation

The vulnerability allows a local user to gain elevated privileges on the target system.

The vulnerability exists due to improper validation of input passed from user mode to the kernel in the Ancillary Function Driver (afd.sys). By running a malicious application, a local attacker with valid login credentials can execute arbitrary code with system privileges.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Windows

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2011-1255

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error related to the time element when Internet Explorer attempts to access objects that have not been correctly initialized or have been deleted. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Note: According to experts from M86, the vulnerability was exploited in targeted attacks before the official patch release from Microsoft.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Microsoft Windows
CVE-2012-0181

Improper input validation

The vulnerability allows a local user to obtain elevated privileges on the target system.

The vulnerability exists due to improper management of keyboard layout files by the kernel-mode driver (win32k.sys). A local attacker can execute arbitrary code on the vulnerable system with SYSTEM privileges.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

According to Trustwave this is a zero-day.
A private exploit was developed by Cr4sh and published 2 weeks after the advisory.

CVE-2012-0181 fixes an issue alluded to on the exploitdb site on Nov. 21, 2011, fixed July 10, 2012.

Software: Windows

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2011-0094

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling layout objects that have not been correctly initialized or have been deleted. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
This vulnerability was reported to iDefense anonymously. NSS was ready to pay $100-500 for an exploit for this vulnerability.

The vulnerability was used to compromise a Philippines human rights website.

Software: Microsoft Internet Explorer

Known/famous malware:

Exploit:Win32/CVE-2011-0094.A

Information disclosure in MHTML in Microsoft Windows
CVE-2011-0096

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user input passed via MIME-formatted requests for content blocks within a document. A remote attacker can trick the victim into following a specially crafted "MHTML:" link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


The vulnerability was originally disclosed on the WooYun website.

Software: Windows

Known/famous malware:

exploit:win32/cve-2011-0096 trojan horse.

Remote code execution in Microsoft Internet Explorer
CVE-2011-1345

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling onPropertyChange function calls. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
The vulnerability was first disclosed by VUPEN on January 22, 2011.

This issue was disclosed as part of the Pwn2Own 2011 contest.
Using this vulnerability, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win the CanSecWest hacker challenge ($15,000 cash prize and a new Windows laptop) on March 9-11 in Vancouver, British Columbia.

The issue was introduced on 03/05/2008.

Software: Microsoft Internet Explorer

Known/famous malware:

Exploit:JS/CVE-2011-1345.
