CPR-Zero

Check Point Research Vulnerability Repository

As part of our ongoing efforts in Check Point Research, we invest significant resources in our vulnerability research. For every vulnerability we discover, we first notify the vendor and immediately develop new protections which are integrated into the Check Point line of products.

During the course of our research, we come across a huge number of vulnerabilities, some more “interesting” than others. Many of the vulnerabilities we discover are also shared publicly, such as “50 CVEs in 50 Days: Fuzzing Adobe Reader”, “What the FAX?!”, and “Extracting a 19 year old vulnerability from WinRAR”. While some of the vulnerabilities are published, many are not.

As mentioned in our policy, the normal practice for publicly disclosing vulnerabilities is to give the relevant vendor 90 days to fix the problem before informing the public, thus allowing users to take the necessary steps to avoid attacks. We find that user awareness plays a major role in the decision to update the environment and patch the vulnerability.

For these reasons, we decided to create the CPR-Zero Repository to include the vast majority of the vulnerabilities we discover and disclose, even if they are not featured in a particular publication. The repository contains detailed information regarding each vulnerability, including a crash dump, a short explanation and sometimes also a proof-of-concept (POC). The repository currently stands at more than 150 vulnerabilities and keeps expanding as we discover new and interesting vulnerabilities.

The repository is an ongoing effort and is continually updated. The process is not automatic, however, and we reserve the right not to disclose any bugs that may be of higher risk.

Check Point Research boasts some of the most talented and capable experts in the field. We strive to stay ahead of malicious actors by developing new research tools, mitigation techniques and identifying novel attack vectors. The vulnerability repository plays a key role in our effort to notify users of new risks as well as encourage vendors to take the necessary steps to continue to provide a risk-free user experience when browsing the internet.

Check Point Research (@CPResearch)