Zero-Day Vulnerabilities Archive                        

The following archived zero-day vulnerabilities have been patched by the vendor. At the time of disclosure, these entries were made public and/or used in active attacks prior to the release of a patch. (see our active zero-day vulnerability list).

CASEScontact.org provided information to proactively protect systems from these flaws, while CyTRAP Labs tools help in detecting the presence of these vulnerabilities.

• CT110126: CASEScontact.org advisory - zero-day exploit - PATCH AVAILABLE NOW - vulnerability in Microsoft Internet Explorer - can be exploited by visiting malicious website  

  Date disclosed: 2008-12-11
  
  Affected Systems: vulnerability affects:

  • Windows XP - most versions,
  • Windows Vista x64 and 32 bit - all versions,
  • Microsoft Internet Explorer 7,
  • Microsoft Windows Server 2008 AND 2003 - most versions,
  are currently known to be vulnerable to this issue, although other versions may also be affected.
  Vendor: Microsoft
  Date patched: 2008-12-18
  Status: Patched
  Patch Info:

  Microsoft has issued a patch for this vulnerability within just about 10 days after exploits in the wild were discovered, you can get:

  • more info about the security update here Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714),
  • we recommend using automatic update ==> using MBSA you can check how this works with CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA,
  • what should one do? - If your Automatic Update is functioning properly, you are covered - CyTRAP Labs tip - how to make sure the latest security patch is installed, and go ahead and check
  • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive

  This is a kind of vulnerability can be mitigated by disabling Active Scripting in the Internet Zone. A safer option is to use Firefox and the no Script add-in (see as explained further below).

  If this post was helpful to you, please consider stumbling it or subscribing to feeds from CyTRAP Labs.
  
  Days of exposure: 8

• CT110121: CASEScontact.org - Adobe Reader - vulnerability exploited in the wild - AV software fails to detect  

  Date disclosed: 2008-02-09
  
  Affected Systems: Vulnerability affects:

  • Adobe Reader 7.0.9 and earlier
    with the following operating systems:
  • Windows XP and Vista
  Vulnerability was reported to be tested using the English version of a fully patched Windows XP SP2 operating system as well as Windows Vista.
  Vendor: Adobe
  Date patched: 2008-02-08
  Status: Patched
  Patch Info: You can reduce your risk for being infected (see below) but Adobe is currently working on the patch
  Days of exposure: 19

• CT110120: CASEScontact.org advisory - Microsoft Excel -- ZERO-DAY exploit - PATCH AVAILABLE NOW - targeted attacks exploiting unspecified error in the handling of Excel files  

  Date disclosed: 2008-01-16
  
  Affected Systems: The vulnerability affects:

  • most versions of Excel
    Vendor: Microsoft
    Date patched: 2008-03-11
    Status: Patched
    Patch Info:

    CyTRAP Labs: security reminder - 2008-03-11 - Patch Tuesday - Microsoft has issued a patch for this vulnerability within just about 56 days after discovery, you can get security patch and information here:

    Microsoft Security Advisory (947563): Vulnerability in Microsoft Excel Could Allow Remote Code Execution ==> CVE-2008-0081

    Check also our:

    • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive
      

    If this post was helpful to you, please consider stumbling it or subscribing to feeds from CyTRAP Labs.

    
    Days of exposure: 55

  • CT110119: CASEScontact.org advisory - zero-day alert - Apple QuickTime (iTunes) - PATCH AVAILABLE - buffer overflow vulnerability may allow execution of arbitrary code or denial of service attack  

    Date disclosed: 2008-01-11
    
    Affected Systems: Vulnerabilities affect:

    • Quicktime 7.x and earlier versions
    
    Vendor: Apple
    Date patched: 2008-01-16
    Status: Patched
    Patch Info: Apple has issued a patch for this vulnerability within just about 5 days after discovery, you can get:
    • latest program version here Apple Updates Quicktime 7.4, iTunes, iPod, etc.,
    • more info about the security update ==> Apple Security Updates ,
    • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive

      Since Quicktime is part of iTunes, users who have the latter installed also have Quicktime on their machine(s) .... Quicktime has to be launched and then the latest version can be downloaded (either automatic by program or going to Help > Options > check for latest version - this will trigger the program to download the latest version

      If this post was helpful to you, please consider stumbling it or subscribing to feeds from CyTRAP Labs. Cheers.
    
    Days of exposure: 6

  • CT110117: CASEScontact.org advisory - Apple QuickTime (iTunes) - zero-day exploit - PATCH AVAILABLE - RTSP (Real Time Streaming Protocol) vulnerability may allow execution of arbitrary code  

    Date disclosed: 2007-11-26
    
    Affected Systems: Vulnerabilities affect:

    • Quicktime 7 and earlier versions
    
    Vendor: Apple
    Date patched: 2007-12-14
    Status: Patched
    Patch Info: Apple has issued a patch for this vulnerability within just about 17 days after discovery, you can get more info here:
    • About the Security Update of Apple Quicktime 7.3.1,
    • Apple Quicktime 7.3.3 update - get the latest version,
    • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive

      Since Quicktime is part of iTunes, users who have the latter installed also have Quicktime on their machine(s) .... Quicktime has to be launched and then the latest version can be downloaded (either automatic by program or going to Help > Options > check for latest version - this will trigger the program to download the latest version

      
      Days of exposure: 21

    • CT110116: CASEScontact.org advisory - zero-day exploit - PATCH AVAILABLE - buffer overflow vulnerability in RealPlayer   

      Date disclosed: 2007-10-20
      
      Affected Systems: Vulnerability affects:

      • IE7 and IE6
      • RealPlayer 11 BETA and RealPlayer 10.5 are currently known to be vulnerable to this issue, although other versions may also be affected.
      Only systems on which BOTH, RealPlayer and IE have been installed are vulnerable
      Vendor: RealNetworks
      Date patched: 2007-10-20
      Status: Patched
      Days of exposure: 2

    • CT110113: CASEScontact.org advisory - zero-day exploit - Apple QuickTime media formats hacking into Firefox, Mozilla, Internet Explorer and Opera browsers - Firefox PATCH AVAILABLE  

      Date disclosed: 2007-09-13
      
      Affected Systems: Vulnerabilities affect:

      • Apple Quicktime (watch out - included with your iTunes software)
      • IE7,
      • Firefox 2.0.0.6 and 3,
      • Opera
      Vulnerabilities affect Microsoft Windows
      Vendor: Apple, Mozilla Foundation, Opera and Microsoft
      Date patched: 2007-09-19
      Status: Patched
      Patch Info: PATCH ISSUED 2007-09-19

      You need to upgrade your software as follows:

      • Downloading latest version of Firefox 2.0.0.7, Impact remote code execution and more,
      Please also remember to adjust your Options in Firefox, so next time you get this release automatically when surfing the net by doing as follows:
      • click on Tools, then Options
      • click on Update AND
      • check here to see the screenshot on what you have to do
        CyTRAP Labs quicktip - setting your Firefox options to get security updates automatically - it is easy AND convenient for YOU,

      Please remember, this vulnerability has neither been patched for Microsoft Internet Explorer nor the Opera browser

      
      Days of exposure: 7

    • CT110110: CASEScontact.org - PATCHED - Yahoo Messenger Webcam - ONE zero-day exploit - classic heap overflow   

      Date disclosed: 2007-08-16
      
      Affected Systems: Vulnerability affects:

      • Yahoo! Instant Messenger with the following operating systems:
        • Windows (includes XP and Vista)
      Vulnerability was tested using the French and English version of a fully patched Windows XP SP2 operating system.
      Vendor: Yahoo!
      Date patched: 2007-08-22
      Status: Patched
      Patch Info: Yahoo! has issued a patch for this vulnerability within just about 7 days after discovery, you can get more info here:
      • Yahoo! Security Updates - Yahoo! Webcam - classic heap overflow,
      • Yahoo! Messenger - get latest version with patch for Webcam ActiveX Controls installed,
      • 2007-08-30 - another update for a buffer overflow vulnerability .... if you fixed this zero-day with downloading updated version before 2007-08-29 - you are once again vulnerable for this latest buffer overflow vulnerability - UPDATE AGAIN.
      • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive
        Days of exposure: 9

      • CT110107: CASEScontact.org advisory - PATCH AVAILABLE - Microsoft Internet Explorer (Mozilla Firefox) - zero-day exploit - input validation flaw and vulnerability - proof of concept code released  

        Date disclosed: 2007-07-10
        
        Affected Systems: Vulnerability affects:

        • Microsoft Internet Explorer 6 and 7,and
        • Mozilla Firefox browser software.
        Vulnerability was tested using the French, German and English version of a fully patched Windows XP SP2 operating system.
        Vendor: Microsoft
        Date patched: 2007-11-13
        Status: Patched
        Patch Info: Get more information about the patch here:

        2007-11-13 - Patch Tuesday - Microsoft releases November security bulletin - patches for several critical vulnerabilities

        
        Days of exposure: 126

      • CT110105: CASEScontact.org - Yahoo Messenger - UPDATE - PATCH AVAILABLE - TWO zero-day exploits - buffer overflow security issue in an ActiveX control AND one vulnerability that affects the viewer ywcvwr.dll  

        Date disclosed: 2007-06-07
        
        Affected Systems: Vulnerability affects:

        • Yahoo! Instant Messenger with the following operating systems:
          • Windows (includes XP and Vista)
        Vulnerability was tested using the French and English version of a fully patched Windows XP SP2 operating system.
        Vendor: Yahoo!
        Date patched: 2007-06-09
        Status: Patched
        Patch Info: Yahoo! has issued a patch for this vulnerability within just about 72 hours after discovery, you can get more info here:
        • Yahoo! Security Updates - Yahoo! Webcam ActiveX Controls,
        • Yahoo! Messenger - get latest version with patch for Webcam ActiveX Controls installed,
        • CASEScontact.org - zero-day patched exploits & vulnerabilities list & archive
          Days of exposure: 4

        1 2 3 next page >>

:: Search ::

:: Home Delivery ::

:: CyTRAP Labs ::

:: JS Feeds ::

:: Risk Level ::

:: Refer to a Friend ::