NSFOCUS has performed great achievements in vulnerability research, which makes it a network security provider that has released the most vulnerability information in China.
According to statistics, NSFOCUS has released 36 CVE vulnerabilities in total and 8 CVE vulnerabilities in 2006. Most of them, critical in severity, have been confirmed and given solutions by the vendors. Users may retrieve the vulnerability details and associated URLs on the CVE website. NSFOCUS’ vulnerability achievements help users avoid the damages brought by hacker attacks.
As the earliest vulnerability research organization in China, NSFOCUS has fully represented its research capacities. All the CVE vulnerabilities discovered by NSFOCUS have been referenced by the influential vulnerability database Securityfocus, and most of them have also been referenced by other organizations or institutions dedicating to vulnerability information collection and releasing, including CERT, Secunia, Frsirt, OSVDB, XForce and Securitytracker. The vulnerabilities involved multiple operating systems and platforms, including Windows, HP-UX, AIX, Solaris, Cisco etc.
It is worthy mentioning that NSFOCUS has made greater achievements in the vulnerability discovery in 2006. The security team has discovered 8 CVE vulnerabilities, in which three entries, MS06-037, MS06-039 and MS06-059 are evaluated as "serious" or "critical" in severity by Microsoft and two entries, CVE-2006-3869 and CVE-2006-0007, are assigned with the CERT-VN. Generally speaking, a vulnerability cannot be referred to by CERT unless it is very critical, such as the Blaster, and the Sasser Internet worms.
Powered by its years of security vulnerability research and security product development capacity, NSFOCUS provides security research reports for those internationally well-known vendors including Microsoft, Sun, Cisco, HP, etc., as well as top-level security products and comprehensive security solutions for government agencies, telecom, financial, energy and other industries, in an attempt to help the customers build a reliable and peaceful network environment.
At present, NSFOCUS maintains the globally largest Chinese vulnerability bugtraq, which contains almost 10,000 security vulnerabilities and corresponding solution information. The NSFOCUS Security Team closely follows the world trend of security vulnerability development and real-time updates the bugtraq, ensuring to deliver comprehensive and timely vulnerability supports.
NSFOCUS guards the network security taking advantage of its outstanding vulnerability research and development achievements.
Tips:
The Common Vulnerabilities and Composures (CVE) initiative is maintained by the MITRE Corporation and is a list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
CVE has an Editorial Board which is responsible for the routine CVE confirmation. The board is comprised of world famous, authoritative security researchers. Established practices are followed when a potential security vulnerability is discovered. First a CVE candidate is created, then if the Editorial Board accepts the candidate, an official CVE entry is created that includes the description and references. The candidate number is converted into a CVE name by replacing the "CAN" with "CVE." The “CAN” and “CVE” entries are separately assigned on the CVE website.
A CVE entry fully displays its value when the concerning vendor conforms the vulnerability and releases a fix.
List of CVE Entries from NSFOCUS:
| Release Time |
CVE ID |
Vulnerability Name |
| 2006-08-25 |
CVE-2006-3869 |
Microsoft IE6 urlmon.dll Long URL Buffer Overflow (SA2006-08) |
| 2006-07-27 |
CVE-2006-3840 |
ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability (SA2006-07) |
| 2006-07-12 |
CVE-2006-1304 |
Microsoft Excel COLINFO Record Buffer Overflow Vulnerability (SA2006-06) |
| 2006-07-12 |
CVE-2006-1302 |
Microsoft Excel SELECTION Record Memory Corruption Vulnerability (SA2006-05) |
| 2006-07-12 |
CVE-2006-0007 |
Microsoft Office GIF Filter Buffer Overflow Vulnerability (SA2006-04) |
| 2006-04-24 |
CVE-2006-1247 |
IBM AIX rm_mlcache_file Local Race Condition Vulnerability (SA2006-03) |
| 2006-04-24 |
CVE-2006-1246 |
IBM AIX mklvcopy Local Privilege Escalation Vulnerability (SA2006-02) |
| 2006-02-23 |
CVE-2006-0720 |
Winamp m3u File Processing Buffer Overflow Vulnerability (SA2006-01) |
| 2005-08-10 |
CVE-2005-1990 |
Microsoft IE Devenum.dll COM Instantiation Remote Code Execution (SA2005-02) |
| 2005-01-27 |
CVE-2004-1150 |
Buffer Overflow in WinAMP in_cdda.dll CDA Device Name (SA2005-01) |
| 2004-10-20 |
CVE-2004-0965 |
HP-UX stmkfont Local Privilege Escalation Vulnerability (SA2004-02) |
| 2004-04-14 |
CVE-2004-2401 |
DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding (SA2004-01) |
| 2003-11-13 |
CVE-2000-0844 |
HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability (SA2003-08) |
| 2003-11-13 |
CVE-2003-0089 |
HP-UX Software Distributor Buffer Overflow Vulnerability (SA2003-07) |
| 2003-09-11 |
CVE-2003-0528 |
Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability (SA2003-06) |
| 2003-05-30 |
CVE-2003-0224 |
Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability (SA2003-05) |
| 2003-04-24 |
CVE-2003-0210 |
Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS (SA2003-04) |
| 2003-03-31 |
CVE-2003-0092 |
Solaris dtsession Heap Buffer Overflow Vulnerability (SA2003-03) |
| 2003-03-31 |
CVE-2003-0091 |
Solaris lpq Stack Buffer Overflow Vulnerability (SA2003-02) |
| 2003-03-27 |
CVE-2003-0004 |
Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability (SA2003-01) |
| 2002-04-04 |
CVE-2002-0151 |
Microsoft Windows MUP Overlong Request Kernel Overflow (SA2002-02) |
| 2002-04-02 |
CVE-2002-0158 |
Sun Solaris Xsun "-co" Heap Overflow (SA2002-01) |
| 2001-11-15 |
CVE-2001-0815 |
ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability (SA2001-07) |
| 2001-08-17 |
CVE-2001-0506 |
Microsoft IIS ssinc.dll Buffer Overflow Vulnerability (SA2001-06) |
| 2001-08-10 |
CVE-2001-0652 |
Solaris Xlock Heap Overflow Vulnerability (SA2001-05) |
| 2001-07-24 |
CVE-2001-0548 |
Solaris dtmail Buffer Overflow Vulnerability (SA2001-04) |
| 2001-06-25 |
CVE-2001-0341 |
Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability (SA2001-03) |
| 2001-05-15 |
CVE-2001-0333 |
Microsoft IIS CGI Filename Decode Error Vulnerability (SA2001-02) |
| 2000-01-09 |
CVE-2001-0007 |
NetScreen Firewall WebUI Buffer Overflow vulnerability (SA2001-01) |
| 2000-12-13 |
CVE-2000-1092 |
AHG EZshopper Loadpage.cgi File List Disclosure Vulnerability (SA2000-09) |
| 2000-12-13 |
CVE-2000-1090 |
Microsoft IIS for Far East Editions File Disclosure Vulnerability (SA2000-08) |
| 2000-11-07 |
CVE-2000-0886 |
Microsoft IIS 4.0/5.0 Web Directory Traversal Vulnerability (SA2000-06) |
| 2000-10-20 |
CVE-2000-0884 |
Microsoft Windows 9x NETBIOS password verification vulnerability (SA2000-05) |
| 2000-10-11 |
CVE-2000-0979 |
Microsoft Win9x client driver type comparing vulnerability (SA2000-04) |
| 2000-10-11 |
CVE-2000-1003 |
Microsoft WIN9X Share Service File Handle Vulnerability (SA2000-03) |
| 2000-07-18 |
CVE-2000-0630 |
IIS ISM.DLL Truncation Exposes File Content (SA2000-02) |
|
