Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   Cetera CMS
 
Identifier:   PT-2009-18   Advisory published: 02.03.2009
CVE ID:   N/A   Fix issued: 24-03-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   High (7.5) AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability status:   Patched
Exploitation vector:   Remote
Product:   ABO.CMS 5.x
 
Identifier:   PT-2009-17   Advisory published: 02.03.2009
CVE ID:   N/A   Fix issued: 05-04-2009
Discovered by:
Dmitry Evteev, Positive Technologies Research Team
 
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   SlySoft
Product:   AnyDVD 6.x
Virtual CloneDrive 5.x
CloneDVD 2.x
CloneCD 5.x
 
Identifier:   PT-2009-11   Advisory published: 11.02.2009
CVE ID:   CVE-2009-0824   Fix issued: 06-03-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Trend Micro
Product:   Trend Micro Internet Security Pro 2009
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008
 
Identifier:   PT-2009-09   Advisory published: 04.02.2009
CVE ID:   CVE-2009-0686   Fix issued:
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-08 - Sunbelt Software
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Sunbelt Software
 
Timeline   04.02.2009 - Vendor notified
no response
12.02.2009 - Second notification
no response
 
Days sinse vendor notification: 2974
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-07 - PC Tools
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   PC Tools
 
Timeline   04.02.2009 - Vendor notified
11.02.2009 - Vendor replied
24.02.2009 - Sent detailed information
 
Days sinse vendor notification: 2974
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-06 - F-Secure
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   F-Secure
 
Timeline   04.02.2009 - Vendor notified
11.02.2009 - Vendor replied
16.02.2009 - Sent detailed information
16.02.2009 - Vendor replied
 
Days sinse vendor notification: 2974
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   Medium (4.9) AV:L/AC:L/Au:N/C:N/I:N/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Computer Associates (CA)
Product:   CA Internet Security Suite Plus 2009
CA Internet Security Suite Plus 2008
CA Internet Security Suite 2007
 
Identifier:   PT-2009-05   Advisory published: 04.02.2009
CVE ID:   CVE-2009-0682   Fix issued: 18-08-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-04 - Tall Emu
Severity:   Medium (6.9) AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Tall Emu
 
Timeline   04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
 
Days sinse vendor notification: 2974
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-03 - Tall Emu
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Tall Emu
 
Timeline   04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
 
Days sinse vendor notification: 2974
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team