Immunity CANVAS Early Updates


Legal Information

The information provided below is only available to subscribers of Immunity's Early Updates and is subject to the terms of the Immunity CANVAS Software License Agreement located here. It is the customer's responsibility to maintain the confidentiality of this information, and any tools, techniques, or information provided as part of Immunity's CANVAS Early Update Program.

This information is not for re-release to any third party, including contractors, consultants, and temporary workers.

Latest Updates

CANVAS Modules and Proof of Concepts

  • May 21, 2013 Nginx Chunked Encoding Exploit (CVE-2013-2028)
  • May 16, 2013 MDaemon remote command/control exploit
  • April 24, 2013 Java Dynamic Type Bindings Vulnerability (CVE-2013-2423) (Includes a bypass for the click2play java restriction)
  • March 21, 2013 Linux PTRACE_SETREGS (CVE-2013-0871) Local Root (update)
  • March 1, 2013 adobe_flash_regexp exploit
  • January 24, 2013 AV CEU Update
  • January 17, 2013 Enhanced support for AV signature evasion
  • January 10, 2013 JMX MBeanInstantiator.findClass bug

Previous CANVAS Early Updates

  • December 10, 2012 MySQL privilege escalation (CVE-2012-5613)
  • November 28, 2012 Java Applet JAX-WS (CVE-2012-5076)
  • November 22, 2012 Java Applet JAX-WS Remote Code Execution
  • November 22, 2012 Java MethodHandles.Lookup Remote Code Execution
  • November 7, 2012 Invision Power Board unserialize() PHP code execution (CVE-2012-5692)
  • October 24, 2012 MS12-037 update
  • October 2, 2012 IE execCommand() update
  • October 2, 2012 MS12_043 update
  • September 24, 2012 IE execCommand() uaf remote code execution
  • September 19, 2012 Adobe Flash Player 11.3.300.2x integer overflow font parsing code execution (CVE-2012-1535)
  • September 10, 2012 MS12_042 SYSRET Privilege Escalation
  • August 28, 2012 Sun Java JRE 1.7 sun.awt.SunToolkit.getfield() sandbox escape (CVE-2012-4681)
  • August 27, 2012 globalScape CuteZip 2.4
  • August 22, 2012 Adobe Flash OTF Parsing (CVE-2012-1535)
  • August 22, 2012 Internet Explorer XML Core Services Uninitialized Memory Corruption (MS12-043)
  • August 22, 2012 Internet Explorer Fixed Table Col Span Heap Buffer Overflow (MS12-037)
  • August 8, 2012 CVE_2010_3964
  • July 30, 2012 Novell ZENworks opcode 0x6c buffer overflow (CVE-2011-3175)
  • July 30, 2012 Novell ZENworks opcode 0x4c buffer overflow (CVE-2011-3176)
  • July 30, 2012 Novell ZENworks opcode 0x06 buffer overflow (OSVDB-65361)
  • July 27, 2012 Tiki Wiki <= 8.3
  • July 27, 2012 Novell Zenwork buffer overflow
  • July 27, 2012 SugarCRM <= 6.3.1 (CVE-2012-0694)
  • July 25, 2012 Update to ms12_027: adds support for all versions of Windows
  • July 25, 2012 Ezhometech EzServer stack overflow
  • July 25, 2012 EvoLogical EvoCam 3.6.6 and 3.6.7 buffer overflow (CVE-2010-2309)
  • July 25, 2012 SEH stack-based buffer overflow for iTunes 10.6.1
  • June 15, 2012 SYSRET Intel x64 exploit for FreeBSD amd64
  • June 12, 2012 Struts Exploit
  • June 12, 2012 MySQL Login Remote
  • June 1, 2012 MS12-027 exploit for Office 2010
  • May 18, 2012 Adobe Flash MP4 CPRT
  • May 4, 2012 PHP < 5.2.12 and < 5.4.2 script injection
  • April 25, 2012 MS12-004
  • April 13, 2012 CVE-2012-1182 additional exploit
  • April 11, 2012 Samba: Multiple Heap-Based Buffer Overflows in Memory Management Based on NDR Marshalling (CVE-2012-1182)
  • March 7, 2012 Java AtomicReferenceArray (CVE-2012-0507)
  • February 2, 2012 Linux >= 2.6.39 Local Root (updated)
  • January 25, 2012 Windows Vulnerability ms12-005
  • January 6, 2012 ASP.Net Forms Authentication Bypass Vulnerability


Copyright © 2003 - Immunity, Inc. All Rights Reserved.