Immunity CANVAS undergoes heavy quality assurance (QA) and follows a monthly release cycle. However, a select number of Immunity’s clients rely on up-to-the-minute vulnerability information as Immunity produces it; for those whose work depends on it, knowing promptly that a vulnerability and an exploit exist is important. Immunity is often first to market with new exploits and proof-of-concept exploit code following “Microsoft Tuesdays”. Until they are included in the next reliable monthly release of the Immunity CANVAS subscription, these exploits are available through the CANVAS Early Updates program. This code is often proof-of-concept early research, but its early availability allows our research team to share its results as soon as they are produced.
CANVAS Early Updates subscription customers include IDS vendors, vulnerability assessment vendors, and professional services organizations who are willing to pay a premium for access in advance of the rest of the market. End users gain increased confidence in our subscribers’ products, because subscribers are able to verify protection against, or the existence of, a new vulnerability within hours of its announcement.
Below is a review of recent research made available early through the CANVAS Early Updates subscription only. Subscribers need their subscriber ID and password to access the links to the full information. Existing customers and new customers interested in the CANVAS Early Updates program subscription can contact E-SPIN with inquiries.
LATEST UPDATES
- June 3, 2021 SeImpersonationPrivilege – LPE (June 2021 Update)
- May 21, 2021 SharePoint Workflows – RCE
- May 10, 2021 WndExtra Out-of-Bounds – LPE
- May 10, 2021 Internet Explorer 11.0 MSHTML Double-Free
- March 29, 2021 vstrwrite01 – LPE (Update)
- March 26, 2021 vstrwrite01 – LPE
- March 1, 2021 Windows Service Tracing – LPE (March 2021 Update)
- February 17, 2021 Windows Service Tracing – LPE
- January 21, 2021 ZeroLogon
- January 14, 2021 Solaris 10 RCE (in libpam through SSH)
- September 18, 2020 SMBGhost – LPE (September 2020 Update)
- August 5, 2020 SMBGhost – RCE
- July 22, 2020 Microsoft Exchange Server Validation Key RCE
- June 2, 2020 SMBGhost – LPE
- May 22, 2020 SQL Server Reporting Services ViewState RCE (CVE-2020-0618)
- March 27, 2020 Menu Confusion – LPE
- February 14, 2020 Unpatched Windows 10 SSL Verification Bypass
- February 5, 2020 rConfig Unauthenticated RCE (CVE-2019-16662)
- January 29, 2020 Citrix ADC/Gateway Directory Traversal RCE (UPDATE)
- January 24, 2020 BLUEGATE – RD Gateway Crash PoC
- January 16, 2020 Citrix ADC/Gateway Directory Traversal RCE
- January 10, 2020 Ruby on Rails Arbitrary File Read
- January 10, 2020 Ruby on Rails ActiveStorage Deserialization
- November 21, 2019 Pre-Auth Code Exec in Jenkins < 2.138 (Linux Version)
- November 21, 2019 vBulletin < 5.5.4 – RCE
- November 14, 2019 Windows Error Reporting – LPE
- September 20, 2019 ALPC AppX Edge – LPE
- July 30, 2019 DDE Closehandle – LPE (CVE-2019-0803)
- June 14, 2019 Exim 4.85+ Remote Command Execution
- May 24, 2019 ALPC Takeover – LPE (May 2019 Update)
- April 25, 2019 ALPC Takeover – LPE
- April 23, 2019 Local Privilege Elevation in win32k UAF (CVE-2019-0623)
- March 19, 2019 Local Privilege Elevation in win32k UAF (CVE-2018-8453)
- February 22, 2019 Local Privilege Elevation in snapd API (dirty_sock) (CVE-2019-7304)
- January 16, 2019 Exim b64decode One-Byte-Overflow (CVE-2018-6789)
- January 9, 2019 Adobe Flash Player com.adobe.tvsdk.mediacore.metadata.Metadata Use-After-Free (CVE-2018-15982)
- December 6, 2018 WebLogic T3 Protocol Deserialization RCE (CVE-2018-2893)
- October 26, 2018 Misconfigured su/sudo Privilege Escalation
- October 19, 2018 Blueimp jQuery-File-Upload <= v9.22.0 – Arbitrary File Upload Vulnerability (CVE-2018-9206)
- September 17, 2018 Linux Kernel 4.18.x – Arbitrary Kernel Read into Dmesg LPE
- September 13, 2018 Struts2 RCE (CVE-2018-11776)
- September 13, 2018 JBoss <= 4.X Java Deserialization RCE
- August 28, 2018 OpenSSH User Enumeration (CVE-2018-15473)
- August 28, 2018 Linux Kernel Local Privilege Escalation (CVE-2017-18344)
- August 8, 2018 Windows SMB Remote Code Execution (MS17-010)
- August 2, 2018 SPECTRE Local Privilege Escalation (Windows Version)
- July 25, 2018 Waitid() – Linux Local Privilege Escalation for Kernels Between 4.13.0-rc1 and 4.13.4
- June 29, 2018 QC Marshal Interceptor Insecure COM Unmarshal LPE (CVE-2018-0824)
- June 14, 2018 settingcontent_ms (NO CVE)
- May 29, 2018 ETERNALBLUE – Windows SMB Remote Kernel Pool Overflow (CVE-2017-0143, May 2018 Update)
- May 4, 2018 Potato – SeImpersonationPrivilege to SYSTEM LPE (No CVE)
- March 30, 2018 Microsoft IIS – IIS Machinekey RCE (No CVE)
- March 30, 2018 Microsoft IIS – IIS Machinekey Backdoor Configuration Generator (NO CVE)
- March 30, 2018 Microsoft IIS – Windows ‘My’ Certificate Store Dumping Tool (NO CVE)
- March 23, 2018 Dell iDRAC8 – WebApp – RCE (CVE-2018-1207)
- March 23, 2018 SPECTRE Local Privilege Escalation (March 2018 Update)
- March 12, 2018 WPAD/PAC Exploit via JScript Heap Overflow
- March 1, 2018 HP iLO4 < 2.53 Remote Exploit (CVE-2017-12542)
- February 20, 2018 RMI (Remote Method Invocation) Scanner
- February 20, 2018 Java Remote Method Invocation Service Remote Code Execution
- February 1, 2018 SPECTRE Local Privilege Escalation (February 2018 Update)
- January 26, 2018 SPECTRE Local Privilege Escalation
- January 23, 2018 Struts2 Dynamic Method Invocation RCE (CVE-2016-3081)
- January 23, 2018 Oracle Forms 10g Unauthenticated Remote Code Execution (CVE-2014-4278)
- January 3, 2018 CouchDB Admin User Injection and RCE v1.x and v2.x (CVE-2017-12635)
- December 22, 2017 GoAhead HTTPD Remote Code Execution update: ARM support added (CVE-2017-17562)
- December 20, 2017 ETERNALBLUE exploit implementation for CANVAS, Windows SMB Remote Kernel Pool Overflow (CVE-2017-0143)
- December 20, 2017 HP iMC Plat 7.2 dbman Remote Code Execution
- December 19, 2017 GoAhead HTTPD Remote Code Execution (CVE-2017-17562)
- December 14, 2017 CouchDB Admin User Injection and RCE v1.x (CVE-2017-12635)
- November 14, 2017 Updated Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- November 6, 2017 Updated Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- November 6, 2017 Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- October 24, 2017 Updated exploit for Emacs Enriched Mime-type Handler Arbitrary ELISP Execution (CVE-2017-14482)
- October 17, 2017 Updated exploit Microsoft Office Moniker/WSDL C# Injection (CVE-2017-8759, CVE-2017-8570)
- October 13, 2017 Microsoft Office Moniker/WSDL C# Injection (CVE-2017-8759, CVE-2017-8570)
- September 21, 2017 Emacs Enriched Mime-type Handler Arbitrary ELISP Execution (CVE-2017-14482)
- September 18, 2017 Symantec Brightmail Pre-Auth Command Injection (CVE-2017-6327)
- August 5, 2017 Updated PoC for SMBLORIS (SMBv1 memory exhaustion) attack
- August 2, 2017 PoC for SMBLORIS (SMBv1 memory exhaustion) attack
- July 25, 2017 CVE-2017-8464 – LNK PoC
- June 30, 2017 CVE-2017-3623 – Generic remote root on Solaris 10 RPC services (June 2017 update)
- May 25, 2017 CVE-2017-3623 – Generic remote root on Solaris 10 RPC services
- April 24, 2017 IIS6 PROPFIND ScStoragePathFromUrl Stack Buffer Overflow (CVE-2017-7269)
- April 19, 2017 PHP Deserialization on Drupal 7.x with Services Module version prior to 3.19
- March 23, 2017 SDCLT UAC Bypass
- March 21, 2017 Apache Struts S2-045 OGNL Remote JAR Execution
- March 2, 2017 MS16-111 NtLoadKeyEx COM TypeLib Hijack
- January 19, 2017 Jetbrains IDE Remote Code Execution through built-in webservers
- January 19, 2017 Inject MOSDEF
- January 19, 2017 Ubuntu Apport Crash Handler Remote Code Execution
- November 9, 2016 Full CANVAS exploits for CVE-2016-7255 (MS16-135)
- October 24, 2016 v0.3 (uni-processor support, increased race stability, automated recovery, no suid bin overwrite needed) full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 21, 2016 v0.2 (system stability ensurance, will survive sync) of full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 20, 2016 v0.1 of full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 20, 2016 Write to root-owned file trigger for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- August 24, 2016 Windows <= 10 Event Viewer UAC Bypass
- July 22, 2016 Badtunnel (MS16-077) – NetBios Name Resolver TXID Leak and NAT Hole Puncher
- June 1, 2016 CVE-2016-2098 (Rails ActionPack Render RCE)
- May 20, 2016 Binderx Module
- May 5, 2016 MS16-032 Seclogon thread handle leak
- May 5, 2016 airOS Remote Write
- April 12, 2016 SAP Netweaver Business Intelligence 7.5-and-prior P4
- March 23, 2016 CEU: exploit for CVE-2016-1757, Mac OSX Local Root Privilege Escalation
- March 9, 2016 jenkins_jrmp_deserialize
- March 5, 2016 ms16_006_silverlight
- February 17, 2016 vrealize_vcofactory_deserialize
- February 11, 2016 AlienVault Alarm Deserialization
- January 22, 2016 weblogic_t3_deserialization
- January 14, 2016 jenkins_cli_deserialization
- December 16, 2015 jboss6_jmxinvokeerservlet_deserialize
- November 16, 2015 firefox_pdfjs_file_reader
- November 13, 2015 vbulletin_preauth_decodeArguments
- August 27, 2015 osx_rootpipe2
- August 24, 2015 ESET Personal Firewall (EpFwNDIS.sys)
- June 9, 2015 Adobe Flash Player v9 – 17.0.0.169 Apply Integer Overflow
- June 7, 2015 ms15_051.tar.gz
- May 5, 2015 ProFTPd 1.3.5 Remote File Copy (CVE-2015-3306)
- April 28, 2015 CVE-2015-1427 – Elasticsearch RCE (Groovy sandbox bypass)
- April 27, 2015 MS14_070 Privilege Escalation
- April 23, 2015 OS X XPC Admin Framework (rootpipe) privilege escalation
- April 14, 2015 MS15-034 trigger
- March 20, 2015 Microsoft Windows Shell LNK Code (CVE-2015-0096)
- March 19, 2015 Windows Unicorn MS14-64
- March 10, 2015 Misfortune Cookie exploit (CVE-2014-9222)
- January 20, 2015 IOHIKeyboardMapper::parseKeyMapping() kheap overflow exploit
- December 16, 2014 MS14-068 – Kerberos Elevation of Privilege
- December 5, 2014 Sandworm – MS14-060 – Windows OLE Remote Code Execution Vulnerability
- November 14, 2014 MS14-066 TLS default remote heap overflow trigger
- November 13, 2014 Futex Requeue Privilege Escalation Exploit [Update]
- October 13, 2014 Adobe Flash CopyPixeltoByteArray Exploit
- September 25, 2014 Bash code injection exploit (CVE-2014-6271)
- August 19, 2014 l2p PPP vulnerability (CVE-2014-4943)
- August 11, 2014 Futex Requeue Privilege Escalation Exploit x86 0.1
- July 30, 2014 Windows mqac.sys Local Privilege Escalation (CVE-2014-4971)
- July 15, 2014 Firefox nsSVGValue vulnerability (CVE-2011-3658)
- April 14, 2014 phpinfo & local file inclusion
- April 14, 2014 Horde Framework 5.1.1 _formvars unserialize() PHP code injection
- March 27, 2014 IE10_CMarkup
- February 26, 2014 Local root exploit for Linux x32 recvmmsg() (CVE-2014-0038)
- February 12, 2014 CardSpaceClaimCollection (MS13_090)
- February 7, 2014 Oracle VirtualBox Hypervisor escape (CVE-2013-5892)
- January 30, 2014 NDProxy.sys exploit (CVE-2013-5065)