Zero-Day Tracker Welcome to eEye Research Team's Zero-Day Tracker. This site was built to serve as an informational archive for zero-day vulnerabilities. Please email any questions regarding this site to skunkworks@eeye.com. Suggestions for additions to this list (past or present zero-day vulnerabilities) are always welcome.

Active Zero-Day Vulnerabilities: 5
Archived Zero-Day Vulnerabilities: 52

The following entries are active zero-day vulnerabilities. They have been publicly disclosed and/or used in attacks, and do not have any published vendor-supplied patch. eEye's Blink® software proactively protects systems from these flaws.

Excel Invalid Object 350 Days of Exposure Vendor: Microsoft Application: Excel Severity: High Date Disclosed: 2/24/2009 Days of Exposure: 350   Adobe PDF Buffer Overflow 355 Days of Exposure Vendor: Adobe Application: Acrobat Severity: High Date Disclosed: 2/19/2009 Days of Exposure: 355   Creative Software AutoUpdate Engine ActiveX stack buffer overflow 624 Days of Exposure Vendor: Creative Labs Application: Creative Labs AutoUpdate Engine ActiveX Severity: High Date Disclosed: 5/26/2008 Days of Exposure: 624   Internet Connection Sharing DoS 1200 Days of Exposure Vendor: Microsoft Application: Windows Severity: Medium Date Disclosed: 10/28/2006 Days of Exposure: 1200   RPC Memory Exhaustion 1546 Days of Exposure Vendor: Microsoft Application: Windows Severity: Low Date Disclosed: 11/16/2005 Days of Exposure: 1546

The following archived zero-day vulnerabilities have been patched by the vendor. At the time of disclosure, these entries were made public and/or used in active attacks prior to the release of a patch. eEye's Blink® software proactively protects systems from these flaws, and eEye's Retina® software scans systems to detect for the presence of these flaws.

Microsoft Internet Explorer XML Processing 32 Days of Exposure Vendor: Microsoft Application: Microsoft Internet Explorer Severity: High Date Disclosed: 11/15/2008 Date Patched: 12/17/2008 Days of Exposure: 32   Microsoft Word XP/2002 SP3 Exploit 35 Days of Exposure Vendor: Microsoft Application: Microsoft Word Severity: High Date Disclosed: 7/8/2008 Date Patched: 8/12/2008 Days of Exposure: 35   Microsoft Access Snapshot Viewer ActiveX 36 Days of Exposure Vendor: Microsoft Application: Microsoft Access Severity: High Date Disclosed: 7/7/2008 Date Patched: 8/12/2008 Days of Exposure: 36   Mac OS X ARDAgent Local Privilege Escalation 43 Days of Exposure Vendor: Apple Application: OS X Severity: High Date Disclosed: 6/18/2008 Date Patched: 7/31/2008 Days of Exposure: 43   CA Unicenter DSM ActiveX AddColumn() Buffer Overflow 11 Days of Exposure Vendor: Computer Associates (CA) Application: BrightStor ARCserve Backup Severity: High Date Disclosed: 3/16/2008 Date Patched: 3/27/2008 Days of Exposure: 11   Excel Unspecified Exploit 56 Days of Exposure Vendor: Microsoft Application: Excel Severity: High Date Disclosed: 1/15/2008 Date Patched: 3/11/2008 Days of Exposure: 56   Apple QuickTime RTSP Buffer Overflow 20 Days of Exposure Vendor: Apple Application: QuickTime Severity: High Date Disclosed: 11/23/2007 Date Patched: 12/13/2007 Days of Exposure: 20   RealNetworks RealPlayer ierpplug.dll Remote Code Execution 1 Day of Exposure Vendor: RealNetworks Application: RealPlayer Severity: High Date Disclosed: 10/19/2007 Date Patched: 10/20/2007 Days of Exposure: 1   Macrovision secdrv.sys Local Privilege Escalation 21 Days of Exposure Vendor: Macrovision Application: Microsoft Windows Severity: Medium Date Disclosed: 10/16/2007 Date Patched: 11/6/2007 Days of Exposure: 21   Windows URI Protocol Handling 111 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 7/25/2007 Date Patched: 11/13/2007 Days of Exposure: 111   MSN Messenger Video Conversation Heap Overflow 0 Days of Exposure Vendor: Microsoft Application: MSN Messenger Severity: High Date Disclosed: 1/31/2007 Date Patched: 1/31/2007 Days of Exposure: 0   Yahoo! Messenger Webcam Heap Overflow 9 Days of Exposure Vendor: Yahoo!, Inc Application: Yahoo! Messenger Severity: High Date Disclosed: 8/12/2007 Date Patched: 8/21/2007 Days of Exposure: 9   Yahoo! Webcam ActiveX 1 Day of Exposure Vendor: Yahoo!, Inc Application: Yahoo! Messenger Severity: High Date Disclosed: 6/6/2007 Date Patched: 6/7/2007 Days of Exposure: 1   Multiple BrightStor Backup RPC Vulnerabilities 148 Days of Exposure Vendor: Computer Associates Application: BrightStor Backup Severity: High Date Disclosed: 5/16/2007 Date Patched: 10/11/2007 Days of Exposure: 148   Winamp .MP4 Code Execution 4 Days of Exposure Vendor: AOL Music Application: Winamp Severity: High Date Disclosed: 4/30/2007 Date Patched: 5/4/2007 Days of Exposure: 4   Microsoft DNS RPC Buffer Overflow 31 Days of Exposure Vendor: Microsoft Application: Windows With DNS Server Service Running Severity: High Date Disclosed: 4/7/2007 Date Patched: 5/8/2007 Days of Exposure: 31   Brightstor Backup Mediasvr.exe RPC 191 26 Days of Exposure Vendor: Computer Associates Application: BrightStor Severity: High Date Disclosed: 3/29/2007 Date Patched: 4/24/2007 Days of Exposure: 26   Windows .ANI Processing 6 Days of Exposure Vendor: Microsoft Application: Windows Severity: High Date Disclosed: 3/28/2007 Date Patched: 4/3/2007 Days of Exposure: 6   Sun Solaris Telnet Bypass 2 Days of Exposure Vendor: Sun Application: Solaris Severity: High Date Disclosed: 2/12/2007 Date Patched: 2/14/2007 Days of Exposure: 2   Word Unspecified Exploit(4) 88 Days of Exposure Vendor: Microsoft Application: Word Severity: Medium Date Disclosed: 2/9/2007 Date Patched: 5/8/2007 Days of Exposure: 88   Office Unspecified Exploit 15 Days of Exposure Vendor: Microsoft Application: Office Severity: High Date Disclosed: 2/2/2007 Date Patched: 2/17/2007 Days of Exposure: 15   Word Unspecified Exploit(3) 19 Days of Exposure Vendor: Microsoft Application: Word Severity: High Date Disclosed: 1/25/2007 Date Patched: 2/13/2007 Days of Exposure: 19   Apple QuickTime RTSP URL Buffer Overflow 22 Days of Exposure Vendor: Apple Application: QuickTime Severity: High Date Disclosed: Jan 1, 2007 Date Patched: Jan 23, 2007 Days of Exposure: 22   Windows MessageBox / NtRaiseHardError 116 Days of Exposure Vendor: Microsoft Application: Windows Severity: Medium Date Disclosed: 12/15/2006 Date Patched: 4/10/2007 Days of Exposure: 116   Word 12122006-djtest.doc 67 Days of Exposure Vendor: Microsoft Application: Word Severity: Critical Date Disclosed: 12/12/2006 Date Patched: 2/17/2007 Days of Exposure: 67   Word Unspecified Exploit(2) 65 Days of Exposure Vendor: Microsoft Application: Word Severity: High Date Disclosed: 12/10/2006 Date Patched: 2/13/2007 Days of Exposure: 65   Word Unspecified Exploit 70 Days of Exposure Vendor: Microsoft Application: Word Severity: High Date Disclosed: 12/5/2006 Date Patched: 2/13/2007 Days of Exposure: 70   Adobe ActiveX 7 Days of Exposure Vendor: Adobe Application: Acrobat ActiveX Severity: High Date Disclosed: 11/28/2006 Date Patched: 12/5/2006 Days of Exposure: 7   ASX Playlist 20 Days of Exposure Vendor: Microsoft Application: Windows Media Player Severity: High Date Disclosed: 11/22/2006 Date Patched: 12/12/2006 Days of Exposure: 20   Windows GDI Local Privilege Escalation 148 Days of Exposure Vendor: Microsoft Application: Windows Severity: Medium Date Disclosed: 11/06/2006 Date Patched: 4/3/2007 Days of Exposure: 148   XMLHTTP 4.0 ActiveX 10 Days of Exposure Vendor: Microsoft Application: XML Core Services Severity: High Date Disclosed: 11/4/2006 Date Patched: 11/14/2006 Days of Exposure: 10   ADODB.Connection ActiveX 109 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 10/27/2006 Date Patched: 2/13/2007 Days of Exposure: 109   Microsoft Office 2003 PPT Local DoS 341 Days of Exposure Vendor: Microsoft Application: PowerPoint Severity: Medium Date Disclosed: 10/12/2006 Date Patched: 9/18/2007 Days of Exposure: 341   McAfee Network Agent 26 Days of Exposure Vendor: McAfee Application: Internet Security Suite Severity: High Date Disclosed: 10/12/2006 Date Patched: 11/7/2006 Days of Exposure: 26   PowerPoint Controlppt 13 Days of Exposure Vendor: Microsoft Application: PowerPoint Severity: High Date Disclosed: 9/27/2006 Date Patched: 10/10/2006 Days of Exposure: 13   QTL Arbitrary JavaScript Execution 363 Days of Exposure Vendor: Apple Application: Quicktime Severity: High Date Disclosed: 9/20/2006 Date Patched: 9/18/2007 Days of Exposure: 363   IE VML 7 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 9/19/2006 Date Patched: 9/26/2006 Days of Exposure: 7   IE DAXCTLE.OCX KeyFrame 62 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 9/13/2006 Date Patched: 11/14/2006 Days of Exposure: 62   Word Mdropper 39 Days of Exposure Vendor: Microsoft Application: Word Severity: High Date Disclosed: 9/1/2006 Date Patched: 10/10/2006 Days of Exposure: 39   IE DAXCTLE.OCX Spline 78 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 8/28/2006 Date Patched: 11/14/2006 Days of Exposure: 78   WMI Object Broker ActiveX 124 Days of Exposure Vendor: Microsoft Application: Visual Studio 2005 Severity: High Date Disclosed: 08/10/2006 Date Patched: 12/12/2006 Days of Exposure: 124   Server NETAPI32 0 Days of Exposure Vendor: Microsoft Application: Windows Severity: High Date Disclosed: 8/8/2006 Date Patched: 8/8/2006 Days of Exposure: 0   IE setSlice() 84 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 7/18/2006 Date Patched: 10/10/2006 Days of Exposure: 84   PowerPoint PPDropper 27 Days of Exposure Vendor: Microsoft Application: PowerPoint Severity: High Date Disclosed: 7/12/2006 Date Patched: 8/8/2006 Days of Exposure: 27   Excel nanika.xls 118 Days of Exposure Vendor: Microsoft Application: Excel Severity: High Date Disclosed: 6/14/2006 Date Patched: 10/10/2006 Days of Exposure: 118   Word2003 Ginwui 26 Days of Exposure Vendor: Microsoft Application: Word Severity: High Date Disclosed: 5/18/2006 Date Patched: 6/13/2006 Days of Exposure: 26   IE createTextRange() 20 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 3/22/2006 Date Patched: 4/11/2006 Days of Exposure: 20   WMF Metafile 9 Days of Exposure Vendor: Microsoft Application: Windows Severity: High Date Disclosed: 12/27/2005 Date Patched: 1/5/2006 Days of Exposure: 9   IE JAVAPRXY.DLL 13 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 6/29/2005 Date Patched: 7/12/2005 Days of Exposure: 13   IE window() 196 Days of Exposure Vendor: Microsoft Application: Internet Explorer Severity: High Date Disclosed: 5/31/2005 Date Patched: 12/13/2005 Days of Exposure: 196   Microsoft Jet DB Multiple Vulns 1139 Days of Exposure Vendor: Microsoft Application: Jet DB Severity: High Date Disclosed: 3/31/2005 Date Patched: 5/13/2008 Days of Exposure: 1139   NTDLL "IIS WebDAV" 37 Days of Exposure Vendor: Microsoft Application: Windows Severity: High Date Disclosed: 3/17/2003 Date Patched: 4/23/2003 Days of Exposure: 37