Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-09-101 ZDI-CAN-450 Novell     2009-11-30 Novell ZENworks Desktop Management Installation Service Remote Information Disclosure Vulnerability
ZDI-09-100 ZDI-CAN-488 IBM     2009-12-15 IBM DB2 Universal Database Multiple SQL Functions Remote Code Execution Vulnerabilities
ZDI-09-099 ZDI-CAN-105 Hewlett-Packard CVE-2007-2280   2009-12-17 Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflow Vulnerability
ZDI-09-098 ZDI-CAN-456 Symantec, Symantec, Symantec, Symantec, Symantec CVE-2009-3027   2009-12-09 Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
ZDI-09-097 ZDI-CAN-523 Hewlett-Packard CVE-2009-3849   2009-12-09 Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
ZDI-09-096 ZDI-CAN-522 Hewlett-Packard CVE-2009-3848   2009-12-09 Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability
ZDI-09-095 ZDI-CAN-518 Hewlett-Packard CVE-2009-3849   2009-12-09 Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
ZDI-09-094 ZDI-CAN-453 Hewlett-Packard CVE-2009-3845   2009-12-09 Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities
ZDI-09-093 ZDI-CAN-392 Adobe CVE-2009-3799   2009-12-09 Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
ZDI-09-092 ZDI-CAN-517 Adobe CVE-2009-3794   2009-12-09 Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
ZDI-09-091 ZDI-CAN-503 Hewlett-Packard CVE-2009-3844   2009-12-08 Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability
ZDI-09-090 ZDI-CAN-432 Microsoft, Microsoft, Microsoft CVE-2009-4310   2009-12-08 Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability
ZDI-09-089 ZDI-CAN-314 Microsoft, Microsoft, Microsoft CVE-2009-4309   2009-12-08 Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability
ZDI-09-088 ZDI-CAN-547 Microsoft CVE-2009-3674   2009-12-08 Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
ZDI-09-087 ZDI-CAN-541 Microsoft, Microsoft CVE-2009-3673   2009-12-08 Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
ZDI-09-086 ZDI-CAN-496 Microsoft CVE-2009-3671   2009-12-08 Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
ZDI-09-085 ZDI-CAN-618 Hewlett-Packard CVE-2009-3843   2009-11-20 Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability
ZDI-09-084 ZDI-CAN-481 Apple CVE-2009-0954   2009-06-02 Apple Quicktime FIRE Codec Heap Buffer Overflow Vulnerability
ZDI-09-083 ZDI-CAN-587 Microsoft CVE-2009-3129   2009-11-10 Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability
ZDI-09-082 ZDI-CAN-567 Microsoft CVE-2009-3127   2009-11-10 Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability
ZDI-09-081 ZDI-CAN-492 Hewlett-Packard CVE-2009-2685   2009-11-05 Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
ZDI-09-080 ZDI-CAN-562 Sun Microsystems CVE-2009-3874   2009-11-04 Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
ZDI-09-079 ZDI-CAN-551 Sun Microsystems CVE-2009-3871   2009-11-04 Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
ZDI-09-078 ZDI-CAN-550 Sun Microsystems CVE-2009-3869   2009-11-04 Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
ZDI-09-077 ZDI-CAN-505 Sun Microsystems CVE-2009-3866   2009-11-04 Sun Java Web Start Arbitrary Command Execution Vulnerability
ZDI-09-076 ZDI-CAN-491 Sun Microsystems CVE-2009-3867   2009-11-04 Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
ZDI-09-075 ZDI-CAN-513 Novell CVE-2009-3862   2009-11-02 Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
ZDI-09-074 ZDI-CAN-369 EMC, OpenText, OpenText     2009-10-28 Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability
ZDI-09-073 ZDI-CAN-479 Adobe, Adobe CVE-2009-2985   2009-10-13 Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
ZDI-09-072 ZDI-CAN-605 Microsoft, Microsoft, Microsoft, Microsoft CVE-2009-2503   2009-10-13 Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
ZDI-09-071 ZDI-CAN-494 Microsoft, Microsoft, Microsoft CVE-2009-2531   2009-10-13 Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
ZDI-09-070 ZDI-CAN-489 Microsoft, Microsoft, Microsoft CVE-2009-2530   2009-10-13 Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
ZDI-09-069 ZDI-CAN-320 Microsoft, Microsoft CVE-2009-0555   2009-10-13 Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
ZDI-09-068 ZDI-CAN-452 EMC CVE-2009-1120   2009-04-07 EMC RepliStor Server Service DoASOCommand Remote Code Execution Vulnerability
ZDI-09-067 ZDI-CAN-497 Novell     2009-09-30 Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability
ZDI-09-066 ZDI-CAN-504 Adobe CVE-2009-3068   2009-09-23 Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
ZDI-09-065 ZDI-CAN-536 Mozilla Firefox CVE-2009-3077   2009-09-10 Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
ZDI-09-064 ZDI-CAN-524 Apple CVE-2009-2798   2009-09-10 Apple QuickTime FlashPix Sector Size Overflow Vulnerability
ZDI-09-063 ZDI-CAN-500 Apple CVE-2009-2799   2009-09-10 Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability
ZDI-09-062 ZDI-CAN-482 Microsoft CVE-2009-1920   2009-09-08 Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
ZDI-09-061 ZDI-CAN-246 Symantec, Symantec, Symantec CVE-2009-1430   2009-04-28 Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability
ZDI-09-060 ZDI-CAN-174 Symantec, Symantec, Symantec CVE-2009-1429   2009-04-28 Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerability
ZDI-09-059 ZDI-CAN-442 Oracle CVE-2009-1978   2009-08-18 Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
ZDI-09-058 ZDI-CAN-443 Oracle CVE-2009-1977   2009-08-18 Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
ZDI-09-057 ZDI-CAN-301 Microsoft CVE-2009-1133   2009-08-11 Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability
ZDI-09-056 ZDI-CAN-273 Microsoft, Microsoft CVE-2009-2496   2009-08-11 Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability
ZDI-09-055 ZDI-CAN-186 Microsoft, Microsoft CVE-2009-0562   2009-08-11 Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
ZDI-09-054 ZDI-CAN-175 Microsoft, Microsoft CVE-2009-1136   2009-08-11 Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
ZDI-09-053 ZDI-CAN-437 Microsoft, Microsoft CVE-2009-1923   2009-08-11 Microsoft Windows WINS Service Heap Overflow Vulnerability
ZDI-09-052 ZDI-CAN-233 Computer Associates CVE-2009-2026   2009-08-07 CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability
ZDI-09-051 ZDI-CAN-451 EMC     2009-08-07 EMC Replication Manager Client Control Service Remote Code Execution Vulnerability
ZDI-09-050 ZDI-CAN-460 Sun Microsystems     2009-08-05 Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability
ZDI-09-049 ZDI-CAN-475 Sun Microsystems CVE-2009-2675   2009-08-05 Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability
ZDI-09-048 ZDI-CAN-484 Microsoft CVE-2009-1919   2009-08-05 Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability
ZDI-09-047 ZDI-CAN-483 Microsoft CVE-2009-1918   2009-08-05 Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
ZDI-09-046 ZDI-CAN-493 Novell     2009-07-21 Novell Privileged User Manager Remote DLL Injection Vulnerability
ZDI-09-045 ZDI-CAN-389 Microsoft, Microsoft, Microsoft CVE-2009-1539   2009-07-14 Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability
ZDI-09-044 ZDI-CAN-327 Adobe CVE-2009-1860   2009-06-24 Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability
ZDI-09-043 ZDI-CAN-416 Apple CVE-2009-1719   2009-06-16 Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
ZDI-09-042 ZDI-CAN-433 Adobe CVE-2009-1855   2009-06-10 Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability
ZDI-09-041 ZDI-CAN-463 Microsoft CVE-2009-1532   2009-06-10 Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability
ZDI-09-040 ZDI-CAN-454 Microsoft CVE-2009-1134   2009-06-10 Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability
ZDI-09-039 ZDI-CAN-429 Microsoft CVE-2009-1531   2009-06-10 Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability
ZDI-09-038 ZDI-CAN-428 Microsoft CVE-2009-1530   2009-06-10 Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
ZDI-09-037 ZDI-CAN-426 Microsoft CVE-2009-1528   2009-06-10 Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability
ZDI-09-036 ZDI-CAN-425 Microsoft CVE-2009-1529   2009-06-10 Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
ZDI-09-035 ZDI-CAN-365 Microsoft CVE-2009-0563   2009-06-10 Microsoft Word Document Stack Based Buffer Overflow Vulnerability
ZDI-09-034 ZDI-CAN-401 Apple CVE-2009-1709   2009-06-08 Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability
ZDI-09-033 ZDI-CAN-430 Apple CVE-2009-1701   2009-06-08 Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
ZDI-09-032 ZDI-CAN-441 Apple CVE-2009-1698   2009-06-08 Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
ZDI-09-031 ZDI-CAN-424 Adium, Pidgin CVE-2009-1376   2009-06-08 Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
ZDI-09-030 ZDI-CAN-413 Apple CVE-2009-0010   2009-06-02 Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
ZDI-09-029 ZDI-CAN-480 Apple CVE-2009-0957   2009-06-02 Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability
ZDI-09-028 ZDI-CAN-414 Apple CVE-2009-0954   2009-06-02 Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability
ZDI-09-027 ZDI-CAN-412 Apple CVE-2009-0953   2009-06-02 Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability
ZDI-09-026 ZDI-CAN-469 Apple CVE-2009-0952   2009-06-02 Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
ZDI-09-025 ZDI-CAN-402 Apple CVE-2009-0951   2009-06-02 Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability
ZDI-09-024 ZDI-CAN-399 Safenet CVE-2009-1943   2009-06-01 Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability
ZDI-09-023 ZDI-CAN-462 Apple CVE-2009-0154   2009-05-13 Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
ZDI-09-022 ZDI-CAN-464 Apple CVE-2009-0945   2009-05-13 Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
ZDI-09-021 ZDI-CAN-470 Apple CVE-2009-0010   2009-05-13 Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
ZDI-09-020 ZDI-CAN-355 Microsoft CVE-2009-1130   2009-05-12 Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
ZDI-09-019 ZDI-CAN-299 Microsoft CVE-2009-0556   2009-05-12 Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability
ZDI-09-018 ZDI-CAN-226 Symantec, Symantec, Symantec CVE-2009-1430   2009-04-28 Symantec Multiple Product Intel Alert Originator Service Stack Overflow Vulnerability
ZDI-09-017 ZDI-CAN-248 Oracle CVE-2009-0993   2009-04-14 Oracle Applications Server 10g Format String Vulnerability
ZDI-09-016 ZDI-CAN-397 Novell CVE-2009-1350   2009-04-06 Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability
ZDI-09-015 ZDI-CAN-465 Mozilla Firefox CVE-2009-1044   2009-03-30 Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability
ZDI-09-014 ZDI-CAN-362 Adobe CVE-2009-0927   2009-03-24 Adobe Acrobat getIcon() Stack Overflow Vulnerability
ZDI-09-013 ZDI-CAN-423 Mozilla Firefox CVE-2009-0775   2009-03-05 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
ZDI-09-012 ZDI-CAN-400 Microsoft CVE-2009-0076   2009-02-10 Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
ZDI-09-011 ZDI-CAN-391 Microsoft CVE-2009-0075   2009-02-10 Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
ZDI-09-010 ZDI-CAN-384 Novell CVE-2009-0410   2009-02-02 Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
ZDI-09-009 ZDI-CAN-364 EMC CVE-2009-0311   2009-01-23 EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability
ZDI-09-008 ZDI-CAN-352 Apple CVE-2009-0007   2009-01-21 Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability
ZDI-09-007 ZDI-CAN-344 Apple CVE-2009-0006   2009-01-21 Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability
ZDI-09-006 ZDI-CAN-393 Apple CVE-2009-0003   2009-01-21 Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability
ZDI-09-005 ZDI-CAN-382 Apple CVE-2009-0002   2009-01-21 Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability
ZDI-09-004 ZDI-CAN-300 Oracle CVE-2008-5440   2009-01-14 Oracle TimesTen evtdump Remote Format String Vulnerability
ZDI-09-003 ZDI-CAN-224 Oracle CVE-2008-5448   2009-01-14 Oracle Secure Backup exec_qr() Command Injection Vulnerability
ZDI-09-002 ZDI-CAN-379 Microsoft, Microsoft, Microsoft, Microsoft, Microsoft CVE-2008-4835   2009-01-13 Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
ZDI-09-001 ZDI-CAN-354 Microsoft, Microsoft, Microsoft, Microsoft, Microsoft CVE-2008-4834   2009-01-13 Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability