Updating the Current Listing of all ITWE of UV

That would be "in the wild exploits against undercover vulnerabilities," which I formerly called 0day attacks before correcting myself. (The distinction being that 0days today include exploits against known/disclosed vulnerabilities simply if there isn’t a patch. It is probably also worth noting that in my mind 0day should reflect an attack/exploit and not simply a vulnerability.)

The WMF vulnerability is the latest entrant on the list. Now some questions:

  1. How did we catch it without a standard discovery/disclosure/patch lifecycle?
  2. How much damage is it doing?
  3. What are we doing about the "next" WMF which currently lies sleeping on our systems?

Here’s my list so far:

  • 12/29/05 – WMF.
  • 3/18/03 – WebDAV. (publicly available information)
  • 9/3/98 – SunOS ToolTalk. (credit: TQBF, who never got the beer…)
  • 4/24/96 – rpc.statd. (double credit: TQBF – thanks again.)

Honorable Mentions (which don’t quite make the list because the vulnerability information was not discovered due to an active exploit):

  • RealServer ../../../ overflow
  • Any of the Immunity VSC releases (Mac OS X Kernel Local, anyone?)
  • Samba bug that HDM got hacked with… [this may get elevated, I am not sure]
  • [Credits: Dave Aitel and Anton Chuvakin for the information]

Any and all help to further this list is appreciated.