Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
07.29.2015 IBM Lotus Domino BMP parsing Buffer Overflow Exploit Update 2 IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash. This version add encryption. CVE-2015-1903 Exploits/Remote Windows
07.27.2015 Microsoft Windows Kernel Use After Free Vulnerability Exploit (MS15-061) This module exploits an "Use After Free" vulnerability in win32k.sys by calling to "SetClassLong" function with crafted parameters CVE-2015-1724 Exploits/Local Windows
07.23.2015 Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-2426 Exploits/Local Windows
07.14.2015 Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability was one of the 2015's Pwn2Own challenges. CVE-2015-0349 Exploits/Client Side Windows
07.12.2015 Adobe Flash Player opaqueBackground property Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw is in the opaqueBackground property within the setter of the flash.display.DisplayObject class. This vulnerability was found in the HackingTeam's leak on July 2015. ARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-5122 Exploits/Client Side Windows
07.12.2015 Microsoft Windows Kernel ATMFD Font Vulnerability Exploit This module exploits a vulnerability in atmfd.sys module by loading a crafted OTF font. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-73027 Exploits/Local Windows
07.07.2015 Adobe Flash Player ByteArray valueOf Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. This vulnerability was found on the HackingTeam's leak on July 2015. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-5119 Exploits/Client Side Windows
07.02.2015 Adobe Flash Player FLV Nellymoser Decoding Heap Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution. CVE-2015-3043 Exploits/Client Side Windows
07.01.2015 Zimbra Collaboration Server skin Local File Include Exploit Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. CVE-2013-7091 Exploits/Remote Linux
07.01.2015 Adobe Flash Player ByteArray write method Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists when the suscriber is not notified if a ByteArray assigned to the ApplicationDomain is freed from an ActionScript worker. By forcing a reallocation by copying more contents than the original capacity to the shared buffer by using the ByteArray::writeBytes method call, the ApplicationDomain pointer is not updated leading to a use-after-free vulnerability. This allows to overwrite different objects like vectors and finally accomplish remote code execution. CVE-2015-0359 Exploits/Client Side Windows
06.30.2015 Adobe Flash Player Drawing Fill Shader Memory Corruption Exploit This module exploits a memory corruption vulnerability in Adobe Flash Player. The specific flaw exists when a Shader is applied as a drawing fill allowing an attacker to take control of a vulnerable machine and execute arbitrary code. This vulnerability was found exploited in the wild on June 2015. CVE-2015-3105 Exploits/Client Side Windows
06.29.2015 Adobe Flash Player FLV Parsing Memory Corruption Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution. This vulnerability has been found exploited in the wild in June 2015 in the Operation Clandestine Wolf campaign. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-3113 Exploits/Client Side Windows
06.24.2015 IBM Lotus Domino LDAP ModifyRequest Add Exploit The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer. CVE-2015-0117 Exploits/Remote Windows
06.24.2015 Adobe Flash Player ShaderJob Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player. The specific flaw exists when the "width" attribute of a ShaderJob is modified after starting the job allowing to an attacker to control the size of a destination buffer and the lenght of the copy operation. CVE-2015-3090 Exploits/Client Side Windows
06.18.2015 Adobe Flash Player AS2 NetConnection Type Confusion Exploit This module exploits a Type Confusion vulnerability in Adobe Flash Player. The specific flaw exist in the ActionScript 2 NetConnection class. When a NetConnection method is called with a parameter that is a native function object, its native data can be specified as a Number by the caller, but be interpreted as a pointer. This allows to overwrite different objects like vectors and finally accomplish remote code execution. CVE-2015-0336 Exploits/Client Side Windows
06.18.2015 Linux Overlayfs Local Privilege Escalation Exploit This module exploits a vulnerability in Linux. The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. CVE-2015-1328 Exploits/Local Linux
06.15.2015 VMware Workstation Printer Escape Vulnerability Exploit This module exploits a vulnerability in the VMware printer virtual device from the guest OS and install an agent in the host computer. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released versionin order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-2336 Exploits/Local Windows
06.11.2015 QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. CVE-2015-3456 Exploits/Local Linux
06.10.2015 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 4 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update improves the exploit reliability when 64-bit targets have more than 4GB of RAM memory. CVE-2014-1767 Exploits/Local Windows
06.03.2015 IBM Lotus Domino BMP parsing Buffer Overflow Exploit Update IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash. This version adds support for several Windows versions. CVE-2015-1903 Exploits/Remote Windows
06.03.2015 Microsoft Windows Win32k Privilege Escalation Exploit(MS15-010) win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." CVE-2015-0003 Exploits/Local Windows
05.26.2015 SMB Relay Update This update improves the SMB relay attack when SMB is signed. CVE-2008-4037 Exploits/Tools Windows
05.25.2015 Linux apport Race Condition Privilege Escalation Exploit This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges. CVE-2015-1325 Exploits/Local Linux
05.20.2015 IBM Lotus Domino BMP parsing Buffer Overflow Exploit IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash. CVE-2015-1903 Exploits/Remote Windows
05.19.2015 Schneider Electric ProClima MetaDraw ObjLinks Property Exploit The MetaDraw ActiveX control's ObjLinks property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. This update add some Av Evasion capabilities CVE-2014-8514 Exploits/Client Side Windows
05.18.2015 Microsoft Windows HTTP.sys Range Integer Overflow Memory Disclosure Exploit (MS15-034) The code that handles the 'Range' HTTP header in the HTTP.sys driver in Microsoft Windows, which is used by Internet Information Services (IIS), is prone to an integer overflow vulnerability when processing a specially crafted HTTP request with a very long upper range. This integer overflow vulnerability can be leveraged to generate a memory disclosure condition, in which the HTTP.sys driver will return more data than it should from kernel memory, thus allowing remote unauthenticated attackers to obtain potentially sensitive information from the affected server. CVE-2015-1635 Exploits/Remote Windows
05.14.2015 Microsoft Windows Group Policy Remote Code Execution Vulnerability Exploit (MS15-011) This module exploits, via a "Man In The Middle" attack, a security flaw in the Domain Controller policies downloaded by clients during the logging process CVE-2015-0008 Exploits/Remote Windows
05.13.2015 Control Microsystems ClearSCADA Remote DoS Update This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application. This Update increases the MAX TRIES default value because it has not been reliable. CVE-2011-3143 Denial of Service/Remote Windows
05.12.2015 IBM Tivoli Storage Manager FastBackMount GetVaultDump Buffer Overflow Exploit Update The specific flaw exists within FastBackMount.exe which listens by default on TCP port 30051. When handling opcode 0x09 packets, the process blindly copies user supplied data into a stack-based buffer within CMountDismount::GetVaultDump. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. This exploit add support for x86_64. CVE-2015-0119 Exploits/Remote Windows
05.11.2015 Wordpress Comments XSS Exploit A cross-site scripting vulnerability exists in the comments rendering in Wordpress 4.1.1 and previous versions. This exploit abuses a persistent cross site scripting vulnerability in Wordpress to install an OS Agent in the server running the Wordpress installation. This update includes a module that posts a comment with the cross site scripting code as a comment in a Wordpress post. The javascript code will attempt to install a Wordpress plugin everytime the post comment is rendered. The plugin will in turn install an OS agent in the server running Wordpress. This update adds the option to use the module in a verification mode, so a comment can be posted to verify if it would be moderated with the current webapps scenario in use. NOCVE-9999-71907 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities Linux

Pages