Happy New Year everyone! We have a few updates for our research portal with regards to publicly disclosed zero-days.
A new exploit has been posted to Full Disclosure which describes an attack which allows a logged in user to elevate their privileges to SYSTEM. eEye Research has verified that this public exploit does work as advertised. This exploit represents the first public exploit for the Vista platform, which is attacking the first public zero-day for Vista as well. The technical nitty-gritty for this vulnerability can be found on the eEye Research ZDT.
Also, we have added the first Month of Apple Bugs entry as well, as it is an easily exploitable vulnerability with a large user-base. As of now, there is minimal mitigation provided as we are still researching attack vectors. Of course, we will be monitoring MoAB for other high-impact zero-day vulnerability disclosures.
Happy New Year! Hopefully these disclosures are not a sign of things to come for 2007.