Core-HQ-bldg-300x139I ended the month of February with RSA, from a vendor point of view the show seemed to be bigger than last year; more vendors and it felt like there were more vendors with large scale booths than in previous years. I am sure that must say something about the economy - but I will leave it to others to make that distinction.

As always with the first month after a release February was full of calls with excited customers who wanted a deeper dive into some of the new features. You can read more about the new features here and if you are a customer or not I always enjoy taking people through Impact so feel free to email me (or your Core rep) and request a time to go through the new features in more detail.

Updates for February 2013 (excluding 11 maintenance updates)

Remote Code Execution

Novell eDirectory ndsd Remote Buffer Overflow Exploit
EMC AlphaStor Device Manager Command Injection Exploit
Enterasys NetSight nssyslogd PRI Buffer Overflow Exploit

ClientSide

Foxit Reader Firefox Plugin npFoxitReaderPlugin Buffer Overflow Exploit
Adobe Flash Player SWF Load Crafted Module Exploit
NTR ActiveX Control Check Method Buffer Overflow Exploit
Novell GroupWise gwcls1 ActiveX Malicious Pointer Exploit
Adobe Acrobat Reader acroform.api Exploit

Privilege Escalation

Sparklabs Viscosity Python Exec Local Privilege Escalation Exploit

This month also saw the L3 team release five updates; as a reminder the L3 team is a quick response team for our customers. This team is responsible for delivering enhancements and tweaks as requested by our customers. In this month they have release the following additions or updates:

Get AntiVirus Product Name
Import Output from ACAS Nessus
Network Information Gathering and Vulnerability Scanner Wizards Importer Update
Import Output from Cenzic Update
Default Domain for DNS Communication Channel Update

Alex Horan, Senior Product Manager.