Patches

Fixing what’s really important.

The goal of 0patch is not to micropatch every vulnerability but the important ones, such as those exploited in the wild or those without official vendor patches. These are some of our most popular micropatches.

2019-04-25

CVE-2017-0176 Microsoft Windows XP/Server 2003 EsteemAudit  

Microsoft Windows XP SP3/Server 2003 SP2 RDP privilege escalation

2019-04-19
New
0day

No CVE Oracle Java  

Oracle Java RE out-of-bounds read during TTF font rendering in ExtractBitMap_blocClass

2019-04-16
New
0day

No CVE Microsoft Internet Explorer  

Missing Error Check on Reading Mark-Of-The-Web

Microsoft Edge uses a secret trick and breaks Internet Explorer's security

2019-04-04
New
0day

No CVE Oracle Java  

Oracle Java RE out-of-bounds read in AlternateSubstitutionSubtable::process

2019-04-04
New
0day

No CVE Oracle Java  

Oracle Java RE out-of-bounds read in OpenTypeLayoutEngine::adjustGlyphPositions

2019-02-21
Exploited

CVE-2018-20250 RARLAB WinRAR  

WinRAR ACE Path Traversal

2019-02-13
0day

CVE-2018-16858 OpenOffice  

OpenOffice Python Script Handler Directory Traversal

2019-02-13

CVE-2018-16858 LibreOffice  

LibreOffice Python Script Handler Directory Traversal

2019-02-11

CVE-2019-7089 Adobe Acrobat Reader DC  

Adobe Reader Callback Via UNC Path

2019-01-22
0day

No CVE Microsoft Windows  

Microsoft Windows Contacts Arbitrary Code Execution

2019-01-21

CVE-2019-0636 Microsoft Windows readfile  

MsiAdvertiseProduct Unauthorized File Read

2019-01-17
Exploited

CVE-2019-0863 Microsoft Windows AngryPolarBearBug  

Error Reporting Local Privilege Escalation

2018-11-21

CVE-2018-0952 Microsoft Windows  

Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege

2018-10-24

CVE-2018-8584 Microsoft Windows deletebug  

Microsoft Data Sharing Service Arbitrary File Delete

2018-09-21

CVE-2018-8423 Microsoft Windows  

Out-Of-Bounds Write in Microsoft Jet Database Engine

Outrunning Attackers On The Jet Database Engine 0day

2018-09-19

CVE-2017-16720 Advantech WebAccess  

Advantech WebAccess webvrpcs "Draw" Remote Code Execution

2018-09-19

No CVE Advantech WebAccess  

Advantech WebAccess webvrpcs "View" Remote Code Execution

2018-09-10

CVE-2018-8353 Microsoft Windows  

Microsoft Scripting Engine Memory Corruption

2018-09-05

CVE-2018-8440 Microsoft Windows  

Microsoft Windows Task Scheduler ALPC Local Privilege Escalation

Publicly Dropped 0day in Task Schedule

2018-08-24

CVE-2018-8414 Microsoft Windows  

Microsoft Windows "SettingContent-ms" Remote Code Execution

Initially rejected for patching by Microsoft

2018-08-10

CVE-2018-12815 Adobe Acrobat Reader DC  

Adobe Acrobat Reader DC JSON Stringify Remote Code Execution

2018-08-07

CVE-2018-8242 Microsoft Windows  

Microsoft Scripting Engine Memory Corruption Vulnerability

2018-07-27

CVE-2018-12756 Adobe Acrobat Reader DC  

Adobe Acrobat Reader Use-After-Free memory corruption

2018-05-30

CVE-2017-17557 Foxit Reader  

Foxit Reader Arbitrary Code Execution Vulnerability

2018-05-14
Exploited

CVE-2018-8174 Microsoft Windows  

Microsoft Windows VBScript Engine Remote Code Execution Vulnerability

A micropatch instead of the official update that probably broke your network

2018-03-30
Exploited

CVE-2017-7269 Microsoft Windows Immortal  

Buffer overflow in WebDAV service ScStoragePathFromUrl

Heavily exploited in the wild for 9 months

2018-02-20
Exploited

CVE-2018-0802 Microsoft Windows Office  

Microsoft Office Equation Editor Memory Corruption

The Bug That Killed Equation Editor

2018-02-19

CVE-2018-5996 7-Zip  

7-Zip Memory Corruptions via RAR PPMd

2018-02-12

CVE-2018-0798 Microsoft Windows Office  

Microsoft Equation Editor Memory Corruption

Bringing back abandoned MS Equation Editor

2018-02-12

CVE-2017-17969 7-Zip  

7-Zip Heap Buffer Overflow

2017-11-23
Exploited

CVE-2017-11882 Microsoft Windows  

MS Office Equation Editor Memory Corruption

2017-11-09

CVE-2017-11826 Microsoft Windows  

Microsoft Word OOXML Parser Memory Corruption Vulnerability

2017-10-25

No CVE Microsoft Windows  

Microsoft Office DDE/DDEAUTO Remote Code Execution

It's a feature, not a bug

2017-10-04

CVE-2017-4924 VMware Workstation  

VMware Workstation Shader Out-Of-Bounds Write

Micropatching a hypervisor with running virtual machines

2017-09-29

CVE-2017-11282 Adobe Flash Player  

Adobe Flash Player Remote Memory Corruption Vulnerability

2017-09-21

CVE-2017-0022 Microsoft Windows  

Microsoft XML Core Services Information Disclosure Vulnerability

Exploit kit rendezvous

2017-09-07

CVE-2017-8464 Microsoft Windows  

Microsoft LNK Remote Code Execution Vulnerability

The New Stuxnet" Windows LNK Vulnerability

2017-09-01

CVE-2017-2779 National Instruments LabVIEW  

LabVIEW RSRC Arbitrary Null Write Code Execution

2017-08-24

CVE-2017-10952 Foxit Reader  

Foxit Reader saveAs Arbitrary File Write

A logical bug patched

2017-07-10

CVE-2017-0283 Microsoft Windows  

Microsoft Windows Uniscribe Remote Code Execution Vulnerability

2017-07-04

CVE-2013-2472 Oracle Java  

Oracle Java ShortComponentRaster.verify() Memory Corruption

2017-05-15

CVE-2017-0290 Microsoft Windows  

Microsoft Malware Protection Engine Type Confusion

Worst windows remote code execution

2017-04-04

CVE-2013-2473 Oracle Java  

Oracle Java Blit function heap buffer overflow

2017-04-04

CVE-2013-2471 Oracle Java  

Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

2017-04-04

CVE-2013-2470 Oracle Java  

Oracle Java lookupByteBI function heap buffer overflow

2017-03-09

CVE-2017-0037 Microsoft Windows  

Internet Explorer 11 Type confusion in HandleColumnBreakOnColumnSpanningElement

2017-02-28

CVE-2017-0038 Microsoft Windows  

Microsoft Windows gdi32.dll EMF file information disclosure

2016-09-02

No CVE 0patch Agent  

Module loading logical error in 0patch Loader (functional flaw)

Patch to self, functional flaw

2016-07-26

CVE-2016-3740 Foxit Reader  

Foxit Reader ConvertToPDF TIFF SamplesPerPixel Parsing Heap Buffer Overflow

2016-06-17

CVE-2016-1077 Adobe Acrobat Reader DC  

Adobe Acrobat Reader Deflate Use-After-Free

2016-01-19

CVE-2014-6321 Microsoft Windows  

Windows schannel remote code execution (MS14-066)

First micropatch released on Twitter

2015-06-03

CVE-2013-7409 AllPlayer  

AllPlayer 5.8 Buffer Overflow In .M3u File

2015-06-03

CVE-2013-6877 RealPlayer  

RealPlayer 16.0.2.32 Buffer Overflow In .rmp File

2015-05-14

CVE-2011-1260 Microsoft Windows  

Internet Explorer 8 MS11-050 MSHTML use-after-free

2015-05-13

CVE-2011-2371 Mozilla Firefox  

Firefox 3.6.16 ReduceRight() Integer Overflow

2015-03-27

No CVE Foxit Reader  

Foxit Reader 4.1.1 Stack Buffer Overflow

2015-03-04

CVE-2008-2992 Adobe Acrobat Reader  

Adobe util.printf() Buffer Overflow

2015-03-03

CVE-2009-0927 Adobe Acrobat Reader  

Adobe Collab.getIcon() Buffer Overflow

2015-03-02

CVE-2013-2463 Oracle Java  

Oracle Java BytePackedRaster.verify() Signed Integer Overflow

2015-02-26

CVE-2013-2465 Oracle Java  

Oracle Java storeImageArray function heap buffer overflow

2015-02-23

CVE-2014-0160 OpenSSL  

OpenSSL Heartbeat (Heartbleed) Information Leak

Our first public micropatch