As we head in the final stretch of 2012 and brace ourselves for the inevitable blog posts about the year-in-review or predictions for 2013, it is important not to take our foot of the pedal and keep producing value for our customers. Our Exploit Writing and L3 teams have been pushing out exploits and functionality updates all month, while we have also been working with vendors to ensure issues we find in their products are patched in a timely basis. When you are working with a product you love, with people you respect, then putting in the extra effort to get things out the door early feels like no effort at all.   Updates for November 2012 (exploding maintenance updates) Remote Code Execution HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Exploit HP Data Protector Express Create New Folder Buffer Overflow Exploit Avaya IP Office Customer Call Reporter ImageUpload Exploit Invision Power Board Unserialize Remote Code Execution Exploit WebCalendar Remote Code Execution Exploit AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit Client Side Aladdin Knowledge System Ltd PrivAgent ChooseFilePath Buffer Overflow Exploit NTR ActiveX Control StopModule Remote Code Execution Exploit Apple QuickTime text3GTrack attribute TeXML Stack Buffer Overflow Exploit Novell ZENworks AdminStudio LaunchHelp ActiveX Arbitrary Code Execution Exploit CYME ChartFX Client Server ActiveX Control Exploit VMware OVF Tool Format String Exploit Oracle Java JAX-WS Remote Code Execution Exploit We also added new AV evasion capabilities as well as updates to ten existing exploit modules.