December 28th, 2006, 06:29 PM
Found this neat page by eEye Digital Security which keeps track of 0-days.
This page documents active vulnerabilities that vendors have not patched, how long the community has been exposed to the vulnerability, the severity of the vulnerability, and more. In the rising sea of vulnerabilities, knowing serious flaws that have received little or no attention is key when gauging what you should or shouldn't allow in your network and on your operating systems.
December 29th, 2006, 12:14 PM
I think that site should be called, Microsoft centric zero days found by eeye. The majority are already patched and of the open ones (totalling 8) only one is set to critical. That critical zero day has two important caveats. The first is that the possible code execution will only take place under the context of the logged in user. If you practice good security, this isn't going to be a big deal. The second is that the user must be tricked or otherwise open the file before this will execute. Again, if you only open word docs from trusted sources, then you've mitigated a good percentage of the risk.
Good job looking out for folks PacketThurst, I just see this more as picking on MS and also a marketing tool for eeye.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
December 29th, 2006, 04:54 PM
yup ... very much "Microsoft" centered... infact eeye picked on just two vendors -MS and Adobe ... lame