Patches

Fixing what’s really important.

The power of our mighty little patching machine – 0patch Agent – is boosted with microscopic cures for huge security problems.

2019-02-21
New
Exploited in the wild

CVE-2018-20250 RARLAB

WinRAR ACE Path Traversal

2019-02-13
New
0day

CVE-2018-16858 OpenOffice

OpenOffice Python Script Handler Directory Traversal

2019-02-13
New

CVE-2018-16858 LibreOffice

LibreOffice Python Script Handler Directory Traversal

2019-02-11
New
0day

CVE-2019-7089 Adobe Reader

Adobe Reader Callback Via UNC Path

2019-01-22
New
0day

No CVE Microsoft Windows

Microsoft Windows Contacts Arbitrary Code Execution

2019-01-21
New

No CVE Microsoft Windows readfile

MsiAdvertiseProduct Unauthorized File Read

2019-01-17
New

CVE-2019-0636 Microsoft Windows AngryPolarBearBug

Error Reporting Local Privilege Escalation

2018-11-21

CVE-2018-0952 Microsoft Windows

Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege

2018-10-24
New

CVE-2018-8584 Microsoft Windows deletebug

Microsoft Data Sharing Service Arbitrary File Delete

2018-09-21

CVE-2018-8423 Microsoft Windows

Out-Of-Bounds Write in Microsoft Jet Database Engine

Outrunning Attackers On The Jet Database Engine 0day

2018-09-19

CVE-2017-16720 Advantech

Advantech WebAccess webvrpcs "Draw" Remote Code Execution

2018-09-19

No CVE Advantech

Advantech WebAccess webvrpcs "View" Remote Code Execution

2018-09-10

CVE-2018-8353 Microsoft Windows

Microsoft Scripting Engine Memory Corruption

2018-09-05

CVE-2018-8440 Microsoft Windows

Microsoft Windows Task Scheduler ALPC Local Privilege Escalation

Publicly Dropped 0day in Task Schedule

2018-08-24

CVE-2018-8414 Microsoft Windows

Microsoft Windows "SettingContent-ms" Remote Code Execution

Initially rejected for patching by Microsoft

2018-08-10

CVE-2018-12815 Adobe

Adobe Acrobat Reader DC JSON Stringify Remote Code Execution

2018-08-07

CVE-2018-8242 Microsoft Windows

Microsoft Scripting Engine Memory Corruption Vulnerability

2018-07-27

CVE-2018-12756 Adobe

Adobe Acrobat Reader Use-After-Free memory corruption

2018-05-30

CVE-2017-17557 Foxit

Foxit Reader Arbitrary Code Execution Vulnerability

2018-05-14
Exploited in the wild

CVE-2018-8174 Microsoft Windows

Microsoft Windows VBScript Engine Remote Code Execution Vulnerability

A micropatch instead of the official update that probably broke your network

2018-03-30
Exploited in the wild

CVE-2017-7269 Microsoft Windows Immortal

Buffer overflow in WebDAV service ScStoragePathFromUrl

Heavily exploited in the wild for 9 months

2018-02-20
Exploited in the wild

CVE-2018-0802 Microsoft Windows Office

Microsoft Office Equation Editor Memory Corruption

The Bug That Killed Equation Editor

2018-02-19

CVE-2018-5996 7-Zip

7-Zip Memory Corruptions via RAR PPMd

2018-02-12

CVE-2018-0798 Microsoft Windows Office

Microsoft Equation Editor Memory Corruption

Bringing back abandoned MS Equation Editor

2018-02-12

CVE-2017-17969 7-Zip

7-Zip Heap Buffer Overflow

2017-11-23
Exploited in the wild

CVE-2017-11882 Microsoft Windows

MS Office Equation Editor Memory Corruption

2017-11-09

CVE-2017-11826 Microsoft Windows

Microsoft Word OOXML Parser Memory Corruption Vulnerability

2017-10-25

No CVE Microsoft Windows

Microsoft Office DDE/DDEAUTO Remote Code Execution

It's a feature, not a bug

2017-10-04

CVE-2017-4924 VMWARE

VMware Workstation Shader Out-Of-Bounds Write

Micropatching a hypervisor with running virtual machines

2017-09-29

CVE-2017-11282 Adobe

Adobe Flash Player Remote Memory Corruption Vulnerability

2017-09-21

CVE-2017-0022 Microsoft Windows

Microsoft XML Core Services Information Disclosure Vulnerability

Exploit kit rendezvous

2017-09-07

CVE-2017-8464 Microsoft Windows

Microsoft LNK Remote Code Execution Vulnerability

The New Stuxnet" Windows LNK Vulnerability

2017-09-01

CVE-2017-2779 LabView

LabVIEW RSRC Arbitrary Null Write Code Execution

2017-08-24

CVE-2017-10952 Foxit

Foxit Reader saveAs Arbitrary File Write

A logical bug patched

2017-07-10

CVE-2017-0283 Microsoft Windows

Microsoft Windows Uniscribe Remote Code Execution Vulnerability

2017-07-04

CVE-2013-2472 Oracle Java

Oracle Java ShortComponentRaster.verify() Memory Corruption

2017-05-15

CVE-2017-0290 Microsoft Windows

Microsoft Malware Protection Engine Type Confusion

Worst windows remote code execution

2017-04-04

CVE-2013-2473 Oracle Java

Oracle Java Blit function heap buffer overflow

2017-04-04

CVE-2013-2471 Oracle Java

Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

2017-04-04

CVE-2013-2470 Oracle Java

Oracle Java lookupByteBI function heap buffer overflow

2017-03-09

CVE-2017-0037 Microsoft Windows

Internet Explorer 11 Type confusion in HandleColumnBreakOnColumnSpanningElement

2017-02-28

CVE-2017-0038 Microsoft Windows

Microsoft Windows gdi32.dll EMF file information disclosure

2016-09-02

No CVE 0patch

Module loading logical error in 0patch Loader (functional flaw)

Patch to self, functional flaw

2016-07-26

CVE-2016-3740 Foxit

Foxit Reader ConvertToPDF TIFF SamplesPerPixel Parsing Heap Buffer Overflow

2016-06-17

CVE-2016-1077 Adobe

Adobe Acrobat Reader Deflate Use-After-Free

2016-01-19

CVE-2014-6321 Microsoft Windows

Windows schannel remote code execution (MS14-066)

First micropatch released on Twitter

2015-06-03

CVE-2013-7409 AllPlayer

AllPlayer 5.8 Buffer Overflow In .M3u File

2015-06-03

CVE-2013-6877 RealPlayer

RealPlayer 16.0.2.32 Buffer Overflow In .rmp File

2015-05-14

CVE-2011-1260 Microsoft Windows

Internet Explorer 8 MS11-050 MSHTML use-after-free

2015-05-13

CVE-2011-2371 Firefox

Firefox 3.6.16 ReduceRight() Integer Overflow

2015-03-27

No CVE Foxit

Foxit Reader 4.1.1 Stack Buffer Overflow

2015-03-04

CVE-2008-2992 Adobe

Adobe util.printf() Buffer Overflow

2015-03-03

CVE-2009-0927 Adobe

Adobe Collab.getIcon() Buffer Overflow

2015-03-02

CVE-2013-2463 Oracle Java

Oracle Java BytePackedRaster.verify() Signed Integer Overflow

2015-02-26

CVE-2013-2465 Oracle Java

Oracle Java storeImageArray function heap buffer overflow

2015-02-23

CVE-2014-0160 OpenSSL

OpenSSL Heartbeat (Heartbleed) Information Leak

Our first public micropatch