With 2012 behind us I've already taken the time to look back at the year; but I wanted to make sure that the events of December were not lost in the shuffle. It is tempting in December, especially after a year in which we release hundreds of updates and two new versions of Impact to coast. In addition, we were putting ther finishing touches on the next amazing version of Impact 2013 R1 (more here). But we prefer to end the year with a push - despite the holidays and the excitement of New Years, we managed to release a healthy haul of updates for our customers.

Updates for December 2012 (excluding five maintenance updates)

Remote Code Execution

Basilic diff PHP Code Execution Exploit
WeBid converter Remote Code Execution Exploit
OP5 license Remote Code Execution Exploit
Xampp webdav PHP Upload Exploit
VCMS Image Arbitrary Upload Exploit
Novell File Reporter NFRAgent FSFUI Record File Upload Exploit

Client Side

WibuKey Runtime for Windows ActiveX Exploit
Apple QuickTime MIME Type Buffer Overflow Exploit
IrfanView IMXCF Plugin Buffer Overflow Exploit

DoS

Microsoft Windows Print Spooler Service Format String Vulnerability DoS (MS12-054)
Microsoft Windows TrueType Font File Vulnerability DoS (MS12-075)

In addition to the above we also added support for importing data from a new scanner, and updated the Vulnerability Validation Wizard to reflect this new capability.

Alex Horan, Senior Product Manager.