Just wanted to give a heads-up on some updates to the eEye Research Portal:
1 - New Tool: UFuz3 - Yuji Ukai has written a pretty cool integer overflow file fuzzer that can be used against any binary-file format. It also has a nice 'point-and-click' GUI and an included demo, so it's pretty easy for everyone to quickly use and understand.
2 - New Zero-Day Entry: Word Unspecified Exploit(3) - Yet another Word zero-day is being exploited in the wild which bring the grand total up to 4.
3 - New Zero-Day Entry: Office Unspecified Exploit - Although this one is attacking Excel directly, all signs point to a shared resource available for all Office applications (mso.dll?). So, keep an eye out for ALL office attachments.
As of right now, there are 10 active high-impact zero-day vulnerabilities, all belonging to Microsoft. Hopefully we'll see this number drop next Patch Tuesday, Feb 13th, but we also were hoping for that on Jan 9th, so I guess we shall see.
Also, for those of you attending RSA, eEye has a booth (#805) during the conference to announce the release of Blink 3.0. A few of our lead researchers and developers will also be manning the booth to answer some of your more technical questions. So come by for some eEye schwag and maybe even bring your resume as we are looking for some good applicants to join our team.