Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2009-03 - Tall Emu
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Tall Emu
 
Timeline   04.02.2009 - Vendor notified
04.02.2009 - Vendor replied
04.02.2009 - Sent detailed information
 
Days sinse vendor notification: 3526
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2009-02 - Tall Emu
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Tall Emu
 
Timeline   04.02.2009 - Vendor notified
04.02.2009 - Sent detailed information
 
Days sinse vendor notification: 3526
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   Medium (6.2) AV:L/AC:H/Au:N/C:C/I:C/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   PGP
Product:   PGP Corporate Desktop 9.x
 
Identifier:   PT-2009-01   Advisory published: 04.02.2009
CVE ID:   CVE-2009-0681   Fix issued: 02-04-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   High (7.2) AV:L/AC:M/Au:S/C:C/I:C/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Microsoft
Product:   Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
 
Identifier:   PT-2008-09   Advisory published: 19.11.2008
CVE ID:   CVE-2009-1922   Fix issued: 11-08-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-08 - Microsoft
Severity:   Medium (4.7) AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Microsoft
 
Timeline   19.11.2008 - Vendor notified
21.11.2008 - Vendor replied
 
Days sinse vendor notification: 3603
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   VMWare
Product:   VMware Workstation 6.x
VMWare Player 2.x
VMWare ACE 2.x
VMware Server 2.x
 
Identifier:   PT-2008-07   Advisory published: 14.10.2008
CVE ID:   CVE-2009-1146   Fix issued: 31-03-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
PT-2008-06 VMware Multiple Products Denial of Service Vulnerability - VMWare
Severity:   Medium (4.4) AV:L/AC:M/Au:S/C:N/I:N/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   VMWare
 
Timeline   14.10.2008 - Vendor notified
16.10.2008 - Vendor replied
16.10.2008 - Sent detailed information
28.05.2009 - Vendor releases fixed version and details
 
Days sinse vendor notification: 3639
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team
 
Severity:   Medium (6.6) AV:L/AC:M/Au:S/C:C/I:C/A:C
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   VMWare
Product:   VMware Workstation 6.x
VMWare Player 2.x
VMware Server 2.x
VMWare ACE 2.x
 
Identifier:   PT-2008-05   Advisory published: 14.10.2008
CVE ID:   CVE-2009-1147   Fix issued: 03-04-2009
Discovered by:
Nikita Tarakanov, Positive Technologies Research Team