Immunity CANVAS Early Updates


Legal Information

The information provided below is only available to subscribers of Immunity's Early Updates and is subject to the terms of the Immunity CANVAS Software License Agreement located here. It is the customer's responsibility to maintain the confidentiality of this information, and any tools, techniques, or information provided as part of the Immunity's CANVAS Early Update Program.

This information is not for re-release to any third party, including contractors, consultants, and temporary workers.

Latest Updates

CANVAS Modules and Proof of Concepts

  • July 30, 2014 Windows mqac.sys Local Privilege Escalation (CVE-2014-4971)
  • July 15, 2014 Firefox nsSVGValue vulnerability (CVE-2011-3658)
  • April 14, 2014 phpinfo & local file inclusion
  • April 14, 2014 Horde Framework 5.1.1 _formvars unserialize() PHP code injection
  • March 27, 2014 IE10_CMarkup
  • February 26, 2014 Local root exploit for Linux x32 recvmmsg() (CVE-2014-0038)
  • February 12, 2014 CardSpaceClaimCollection (MS13_090)
  • February 7, 2014 Oracle VirtualBox Hypervisor escape (CVE-2013-5892)
  • January 30, 2014 NDProxy.sys exploit (CVE-2013-5065)

  • Previous CANVAS Early Updates

  • December 11, 2013 NDProxy Local Privilege Escalation
  • November 6, 2013 IE8 CDisplayPointer
  • October 31, 2013 Win32k NULL Page Vulnerability
  • September 19, 2013 Clientside exploit for IE8 DirectShow GIF rendering
  • September 11, 2013 Source code to build a teensy++ board based exploit for (CVE-2013-2888)
  • September 11, 2013 Paper on how to practically exploit the Linux core HID driver vulnerability (CVE-2013-2888)
  • August 26, 2013 AlphaStor Exploit
  • July 29, 2013 perf_swevent_init Linux (v3.8.9 and earlier) local root (CVE-2013-2094)
  • July 26, 2013 FreeBSD 9.0/9.1 mmap/ptrace local privilege (CVE-2013-2171)
  • June 17, 2013 fs_pipe_race_to_null local root (CVE-2009-3547)
  • June 13, 2013 MoinMoin Remote Command Execution (CVE-2012-6495)
  • June 4, 2013 Acrobat Reader 10 XFA
  • May 23, 2013 Novell Client Privilege Escalation
  • May 21, 2013 Nginx Chunked Encoding Exploit (CVE-2013-2028)
  • May 16, 2013 MDaemon remote command/control exploit
  • April 24, 2013 Java Dynamic Type Bindings Vulnerability (CVE-2013-2423) (Includes a bypass for the click2play java restriction)
  • March 21, 2013 Linux PTRACE_SETREGS (CVE-2013-0871) Local Root (update)
  • March 1, 2013 adobe_flash_regexp exploit
  • January 24, 2013 AV CEU Update
  • January 17, 2013 Enhanced support for AV signature evasion
  • January 10, 2013 JMX MBeanInstantiator.findClass bug


  • Copyright © 2003 - Immunity, Inc.
    All Rights Reserved.