Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-08-099 ZDI-CAN-357 Microsoft CVE-2008-4019   2008-10-14 Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
ZDI-08-098 ZDI-CAN-279 America Online     2008-06-10 AOL AIM SIPFoundry sipXtapi RTP Processing Heap Overflow Vulnerability
ZDI-08-097 ZDI-CAN-251 America Online     2008-06-10 AOL AIM SIPFoundry sipXtapi RTCP Processing Heap Overflow Vulnerability
ZDI-08-096 ZDI-CAN-360 EMC CVE-2008-3684   2008-08-14 EMC ApplicationXtender Workflow Server Admin Agent Heap Overflow Vulnerability
ZDI-08-095 ZDI-CAN-358 EMC CVE-2008-3685   2008-08-14 EMC ApplicationXtender Workflow Server Admin Agent Arbitrary File Upload Vulnerability
ZDI-08-094 ZDI-CAN-259 Mozilla Firefox CVE-2008-5013   2008-11-12 Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability
ZDI-08-093 ZDI-CAN-390 Mozilla Firefox, Mozilla Firefox CVE-2008-5021   2008-11-12 Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
ZDI-08-092 ZDI-CAN-268 Adobe CVE-2007-6637   2008-04-08 Adobe Flash Script Injection Cross Domain Scripting Vulnerability
ZDI-08-091 ZDI-CAN-380 RealNetworks     2008-12-16 RealNetworks Helix Server NTLM Authentication Malformed Base64 Heap Overflow Vulnerability
ZDI-08-090 ZDI-CAN-333 RealNetworks     2008-12-16 2021-07-15 RealNetworks Helix Server DataConvertBuffer Heap Overflow Vulnerability
ZDI-08-089 ZDI-CAN-293 RealNetworks     2008-12-16 RealNetworks Helix DNA Server RTSP DESCRIBE Heap Overflow Vulnerability
ZDI-08-088 ZDI-CAN-160 Oracle     2008-12-16 Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability
ZDI-08-087 ZDI-CAN-331 Microsoft CVE-2008-4259   2008-12-09 Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability
ZDI-08-086 ZDI-CAN-377 Microsoft CVE-2008-4837   2008-12-09 Microsoft Office Word Document Table Property Stack Overflow Vulnerability
ZDI-08-085 ZDI-CAN-351 Microsoft, Microsoft CVE-2008-4028   2008-12-09 Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
ZDI-08-084 ZDI-CAN-334 Microsoft, Microsoft CVE-2008-4027   2008-12-09 Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
ZDI-08-083 ZDI-CAN-387 Microsoft CVE-2008-4255   2008-12-09 Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
ZDI-08-082 ZDI-CAN-325 BMC Software CVE-2008-5982   2008-12-08 BMC PatrolAgent Version Logging Format String Vulnerability
ZDI-08-081 ZDI-CAN-363 Sun Microsystems CVE-2008-5339   2008-12-04 Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
ZDI-08-080 ZDI-CAN-319 Sun Microsystems CVE-2008-5359   2008-12-04 Sun Java AWT Library Sandbox Violation Vulnerability
ZDI-08-079 ZDI-CAN-410 Cerulean Studios CVE-2008-5403   2008-12-04 Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
ZDI-08-078 ZDI-CAN-409 Trillian CVE-2008-5402   2008-12-04 Trillian IMG SRC ID Memory Corruption Vulnerability
ZDI-08-077 ZDI-CAN-408 Cerulean Studios, Cerulean Studios CVE-2008-5401   2008-12-04 Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
ZDI-08-076 ZDI-CAN-406 EMC CVE-2008-5420   2008-11-20 EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability
ZDI-08-075 ZDI-CAN-398 EMC CVE-2008-5419   2008-11-20 EMC Control Center SST_CTGTRANS Overflow Vulnerability
ZDI-08-074 ZDI-CAN-329 Adobe CVE-2008-4813   2008-11-04 Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
ZDI-08-073 ZDI-CAN-302 Adobe CVE-2008-4813   2008-11-04 Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability
ZDI-08-072 ZDI-CAN-283 Adobe CVE-2008-2992   2008-11-04 Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability
ZDI-08-071 ZDI-CAN-321 IBM CVE-2008-4801   2008-10-30 IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability
ZDI-08-070 ZDI-CAN-350 SonicWALL CVE-2008-4918   2008-10-30 SonicWALL Content-Filtering Universal Script Injection Vulnerability
ZDI-08-069 ZDI-CAN-353 Microsoft CVE-2008-3475   2008-10-14 Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
ZDI-08-068 ZDI-CAN-345 Microsoft CVE-2008-3471   2008-10-14 Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
ZDI-08-067 ZDI-CAN-367 Apple CVE-2008-3641   2008-10-09 Apple CUPS HP-GL/2 Filter Remote Code Execution Vulnerability
ZDI-08-066 ZDI-CAN-335 Novell CVE-2008-4480   2008-10-08 Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability
ZDI-08-065 ZDI-CAN-336 Novell CVE-2008-4478   2008-10-08 Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
ZDI-08-064 ZDI-CAN-313 Novell CVE-2008-4479   2008-10-08 Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability
ZDI-08-063 ZDI-CAN-312 Novell CVE-2008-4478   2008-10-08 Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability
ZDI-08-062 ZDI-CAN-339 Apple CVE-2008-3627   2008-09-09 Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
ZDI-08-061 ZDI-CAN-309 Apple CVE-2008-3627   2008-09-09 Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability
ZDI-08-060 ZDI-CAN-304 Apple CVE-2008-3627   2008-09-09 Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability
ZDI-08-059 ZDI-CAN-328 Apple CVE-2008-3626   2008-09-09 Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
ZDI-08-058 ZDI-CAN-356 Apple CVE-2008-3625   2008-09-09 Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
ZDI-08-057 ZDI-CAN-376 Apple CVE-2008-3635   2008-09-09 Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
ZDI-08-056 ZDI-CAN-249 Microsoft, Microsoft, Microsoft, Microsoft CVE-2008-3013   2008-09-09 Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
ZDI-08-055 ZDI-CAN-211 Microsoft, Microsoft, Microsoft, Microsoft CVE-2008-3015   2008-09-09 Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
ZDI-08-054 ZDI-CAN-338 Adium, Pidgin CVE-2008-2927   2008-08-28 Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
ZDI-08-053 ZDI-CAN-359 Symantec CVE-2008-3703   2008-08-14 Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability
ZDI-08-052 ZDI-CAN-347 OpenLDAP Foundation CVE-2008-2952   2008-08-14 OpenLDAP BER Decoding Remote DoS Vulnerability
ZDI-08-051 ZDI-CAN-308 Microsoft CVE-2008-2258   2008-08-12 Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability
ZDI-08-050 ZDI-CAN-322 Microsoft, Microsoft CVE-2008-2257   2008-08-12 Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability
ZDI-08-049 ZDI-CAN-103 Microsoft CVE-2008-3021   2008-08-12 Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability
ZDI-08-048 ZDI-CAN-307 Microsoft CVE-2008-3006   2008-08-12 Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
ZDI-08-047 ZDI-CAN-270 RealNetworks CVE-2008-1309   2008-07-25 RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
ZDI-08-046 ZDI-CAN-231 RealNetworks CVE-2008-3066   2008-07-25 RealNetworks RealPlayer Library File Deletion Stack Overflow Vulnerability
ZDI-08-045 ZDI-CAN-332 Apple CVE-2008-2317   2008-07-25 Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
ZDI-08-044 ZDI-CAN-349 Mozilla Firefox, Mozilla Firefox CVE-2008-2785   2008-07-17 Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
ZDI-08-043 ZDI-CAN-287 Sun Microsystems CVE-2008-3111   2008-07-17 Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
ZDI-08-042 ZDI-CAN-315 Sun Microsystems CVE-2008-3112   2008-07-17 Sun Java Web Start Sandbox Bypass Vulnerability
ZDI-08-041 ZDI-CAN-276 Novell CVE-2008-3159   2008-07-10 Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
ZDI-08-040 ZDI-CAN-281 Microsoft CVE-2008-1444   2008-06-10 Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
ZDI-08-039 ZDI-CAN-269 Microsoft CVE-2008-1442   2008-06-10 Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability
ZDI-08-038 ZDI-CAN-326 Apple CVE-2008-1585   2008-06-10 Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability
ZDI-08-037 ZDI-CAN-297 Apple CVE-2008-1584   2008-06-10 Apple QuickTime Indeo Video Buffer Overflow Vulnerability
ZDI-08-036 ZDI-CAN-341 Computer Associates CVE-2008-2541   2008-06-04 CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability
ZDI-08-035 ZDI-CAN-340 Computer Associates CVE-2008-2541   2008-06-04 CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
ZDI-08-034 ZDI-CAN-185 Hewlett-Packard CVE-2008-1661   2008-06-04 Hewlett-Packard StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability
ZDI-08-033 ZDI-CAN-222 Motorola CVE-2008-2548   2008-05-27 Motorola RAZR JPG Processing Stack Overflow Vulnerability
ZDI-08-032 ZDI-CAN-280 Adobe CVE-2007-0071   2008-05-22 Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability
ZDI-08-031 ZDI-CAN-323 Cerulean Studios CVE-2008-2409   2008-05-21 Trillian MSN MIME Header Stack-Based Overflow Vulnerability
ZDI-08-030 ZDI-CAN-311 Cerulean Studios CVE-2008-2408   2008-05-21 Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability
ZDI-08-029 ZDI-CAN-275 Cerulean Studios CVE-2008-2407   2008-05-21 Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability
ZDI-08-028 ZDI-CAN-247 IBM CVE-2008-2499   2008-05-21 IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability
ZDI-08-027 ZDI-CAN-088 Computer Associates CVE-2008-2241   2008-05-19 CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
ZDI-08-026 ZDI-CAN-063 Computer Associates CVE-2008-2242   2008-05-19 CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability
ZDI-08-025 ZDI-CAN-291 Symantec CVE-2008-2291   2008-05-15 Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability
ZDI-08-024 ZDI-CAN-290 Symantec CVE-2008-2286   2008-05-15 Symantec Altiris Deployment Solution SQL Injection Vulnerability
ZDI-08-023 ZDI-CAN-284 Microsoft, Microsoft CVE-2008-1091   2008-05-13 Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
ZDI-08-022 ZDI-CAN-303 Apple CVE-2008-1026   2008-04-16 Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
ZDI-08-021 ZDI-CAN-277 Adobe CVE-2007-6019   2008-04-08 Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
ZDI-08-020 ZDI-CAN-295 Microsoft, Microsoft, Microsoft, Microsoft CVE-2008-1083   2008-04-08 Microsoft GDI WMF Parsing Heap Overflow Vulnerability
ZDI-08-019 ZDI-CAN-272 Apple CVE-2008-1022   2008-04-03 Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability
ZDI-08-018 ZDI-CAN-296 Apple CVE-2008-1021   2008-04-03 Apple QuickTime Run Length Encoding Heap Overflow Vulnerability
ZDI-08-017 ZDI-CAN-289 Apple CVE-2008-1020   2008-04-03 Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
ZDI-08-016 ZDI-CAN-285 Apple CVE-2008-1018   2008-04-03 Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability
ZDI-08-015 ZDI-CAN-292 Apple CVE-2008-1017   2008-04-03 Apple QuickTime Clipping Region Heap Overflow Vulnerability
ZDI-08-014 ZDI-CAN-267 Apple CVE-2008-1019   2008-04-03 Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities
ZDI-08-013 ZDI-CAN-214 Novell CVE-2008-0924   2008-03-26 Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
ZDI-08-012 ZDI-CAN-255 IBM CVE-2008-0727   2008-03-13 IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability
ZDI-08-011 ZDI-CAN-254 IBM CVE-2008-0727   2008-03-13 IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability
ZDI-08-010 ZDI-CAN-235 Sun Microsystems CVE-2008-1188   2008-03-12 Java Web Start encoding Stack Buffer Overflow Vulnerability
ZDI-08-009 ZDI-CAN-234 Sun Microsystems CVE-2008-1188   2008-03-12 Java Web Start tempbuff Stack Buffer Overflow Vulnerability
ZDI-08-008 ZDI-CAN-195 Microsoft CVE-2008-0113   2008-03-11 Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability
ZDI-08-007 ZDI-CAN-227 Symantec CVE-2008-0638   2008-02-20 Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability
ZDI-08-006 ZDI-CAN-243 Microsoft CVE-2008-0077   2008-02-12 Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
ZDI-08-005 ZDI-CAN-266 Novell CVE-2008-0639   2008-02-11 Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
ZDI-08-004 ZDI-CAN-262 Adobe CVE-2008-0726   2008-02-11 Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
ZDI-08-003 ZDI-CAN-253 Symantec CVE-2008-0457   2008-02-06 Symantec Backup Exec Remote File Upload Vulnerability
ZDI-08-002 ZDI-CAN-212 Citrix CVE-2008-0356   2008-01-17 Citrix Metaframe Presentation Server IMA Service Heap Overflow Vulnerability
ZDI-08-001 ZDI-CAN-196 IBM CVE-2008-0247   2008-01-14 IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability