As we head in the final stretch of 2012 and brace ourselves for the inevitable blog posts about the year-in-review or predictions for 2013, it is important not to take our foot of the pedal and keep producing value for our customers. Our Exploit Writing and L3 teams have been pushing out exploits and functionality updates all month, while we have also been working with vendors to ensure issues we find in their products are patched in a timely basis. When you are working with a product you love, with people you respect, then putting in the extra effort to get things out the door early feels like no effort at all.

 

Updates for November 2012 (exploding maintenance updates)

Remote Code Execution

HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Exploit
HP Data Protector Express Create New Folder Buffer Overflow Exploit
Avaya IP Office Customer Call Reporter ImageUpload Exploit
Invision Power Board Unserialize Remote Code Execution Exploit
WebCalendar Remote Code Execution Exploit
AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit

Client Side

Aladdin Knowledge System Ltd PrivAgent ChooseFilePath Buffer Overflow Exploit
NTR ActiveX Control StopModule Remote Code Execution Exploit
Apple QuickTime text3GTrack attribute TeXML Stack Buffer Overflow Exploit
Novell ZENworks AdminStudio LaunchHelp ActiveX Arbitrary Code Execution Exploit
CYME ChartFX Client Server ActiveX Control Exploit
VMware OVF Tool Format String Exploit
Oracle Java JAX-WS Remote Code Execution Exploit

We also added new AV evasion capabilities as well as updates to ten existing exploit modules.

Alex Horan, Senior Product Manager.