• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 144
  • Last Modified:

Which products are vulnerable to latest Zero Day vulnerabilities raised by Pwn2Own

Q1:
Is there a list of software (including network devices IOS) & their version that are vulnerable to this zero day vulnerability
below?

Q2:
Below are some further information.  I would like to assess if any specific signature in this release have been
known to disrupt legit services/apps & how can I go about testing them?

  http://h30499.www3.hp.com/t5/HP-Security-Products-Blog/Pwn2Own-2015-The-view-from-HP-TippingPoint-DVLabs/ba-p/6723119
  http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-Two-results/ba-p/6722884
  http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-One-results/ba-p/6722204
  http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-The-lineup/ba-p/6722078
  http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-The-final-contestants/ba-p/6721403

========================================================================================

Subject: TippingPoint Digital Vaccine - Early Release Reminder

The DV originally scheduled for this coming Tuesday (March 24, 2015) was released ahead of schedule on Saturday (March 21, 2015) to provide preemptive coverage for 15 zero-day vulnerabilities found in various products during Pwn2Own 2015 held last week, where researchers were given the opportunity to show off their skills using attacks against Microsoft, Google, Mozilla, Apple and Adobe.

For every exploit of a vulnerability successfully demonstrated, HP TippingPoint DVLabs worked with the researchers, the Zero Day Initiative and the vendors to root cause the flaws and find the best way to provide filter coverage for HP TippingPoint customers.

As the exploits and vulnerabilities purchased by our Zero Day Initiative are essentially fully weaponized, DVLabs decided to replace the regularly scheduled Tuesday DV release with this critical out-of-band release, including Pwn2Own filters as well as a number of standard weekly filters planned for the Tuesday release. Doing so grants HP TippingPoint customers the exclusive ability to virtually patch against some of the most impactful vulnerabilities and exploits in existence.
0
sunhux
Asked:
sunhux
1 Solution
 
btanExec ConsultantCommented:
Q1, Unless we have the exact CVE (e.g. via online cvedetail, nvd, vulcert  website) to further extrapolate to relevance of other possible Network based IOS, I will say that it will be tough for the confirmed case of listing. But with the summary for the final numbers of Pwn2Own 2015, this may serves as a basis of the impacted apps (as of now) since the vendor is working to patch them timely.
5 bugs in the Windows operating system
4 bugs in Internet Explorer 11
3 bugs in Mozilla Firefox
3 bugs in Adobe Reader
3 bugs in Adobe Flash
2 bugs in Apple Safari
1 bug in Google Chrome

Otherwise, the ZDI published and upcoming CVE listing may help to highlight
http://zerodayinitiative.com/advisories/published/
http://zerodayinitiative.com/advisories/upcoming/

Q2. Wait for the signature and scanner will typically have those incorporated, it is tough to "jump the gun" as mentioned till patches are out, vulnerability will not be fully disclosed hence no reliable gauge to detecting or scanning those vulnerability from any targeted servers or network architecture
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now