Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort ascending Platform
06.03.2013 HP Intelligent Management FaultDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the FaultDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5202 Exploits/Remote File Disclosure Windows
06.03.2013 HP Intelligent Management IctDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the IctDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5204 Exploits/Remote File Disclosure Windows
10.22.2012 SQL Injection Analyzer Update 2 Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. this update is for 12.5. Exploits/SQL Injection/Analyzer
08.01.2012 SQL Injection Analyzer Update Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. The module can be configured to look for vulnerabilities in GET & POST parameters and cookies. This update adds an additional trigger to the FAST set of SQL injection triggers for the SQL Injection analyzer to use. Exploits/SQL Injection/Analyzer
03.07.2012 Android Webkit Floating Point Datatype Exploit WebKit in Android 2.1 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. Exploits/Client Side/Mobile
10.26.2011 iPhone Buffer Overflow Exploit Update This module updates the platform names and adds the CVE references for the iPhone Exploit. CVE-2011-0227 Exploits/Client Side/Mobile
04.08.2014 AV Shell improvement This update is to increase the realiability of AV shell module. Post Exploitation
11.06.2011 Remote Network Interface Performance Enhancements v12 Rev 1 Added some performance enhancements for the Remote Network Interface module. Post Exploitation
05.31.2011 Network Post Exploitation improvements v11 rev1 This update improves reliability of "Pass The Hash", "Who is There" and "Remote Desktop Access" modules, which happened to have problems when executed in the context of an agent running as SYSTEM user. Post Exploitation
04.23.2014 Microsoft Windows OpenType Engine Infinite Loop DoS (MS12-078) The OpenType Font driver in Microsoft Windows doesn't sufficiently validate user supplied input, leading to a denial of service vulnerability . CVE-2012-2556 Denial of Service/Local Windows
12.11.2013 Microsoft Windows Win32k Integer Overflow DoS (MS13-101) This module exploits a vulnerability in win32k.sys by calling to "NtGdiGetTextExtent" function with crafted parameters. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-5058 Denial of Service/Local Windows
01.20.2014 Microsoft Windows Hyper-V Address Corruption Vulnerability DoS (MS13-092) This module exploits a vulnerability in the hypervisor of Hyper-V by sending a crafted hypercall from the "guest OS" to the "host OS". CVE-2013-3898 Denial of Service/Local Windows
09.17.2013 Microsoft Windows Win32k Divided Error Exception DoS (MS13-046) Update This module exploits a Windows kernel vulnerability calling to "NtGdiScaleViewportExtEx" function by using crafted parameters. This update adds support for all 32 bit Windows versions. CVE-2013-1334 Denial of Service/Local Windows
06.06.2011 Microsoft Windows OpenType Stack Overflow DoS (MS11-032) This module exploits a kernel stack exhaustion in Microsoft Windows when parsing a specially crafted OpenType font file. CVE-2011-0034 Denial of Service/Local Windows
10.13.2011 Microsoft Windows Font Library File Vulnerability DoS (MS11-077) This module causes a BSOD in Microsoft Windows when parsing a specially crafted .FON font file. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-2003 Denial of Service/Local Windows
05.22.2011 Microsoft Windows OpenType Font Double Free DoS (MS10-091) A double free vulnerability in the OpenType Font (OTF) driver in Windows could allow local users to escalate their privileges via a specially crafted OpenType font. CVE-2010-3957 Denial of Service/Local Windows
01.04.2012 Microsoft Windows TrueType Font Parsing Vulnerability DoS (MS11-087) When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3402 Denial of Service/Local Windows
10.12.2010 Microsoft Windows OpenType Font Validation DoS (MS10-078) This module exploits a vulnerability in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2741 Denial of Service/Local Windows
09.22.2009 Microsoft Windows MSMQ Null Pointer DoS (MS09-040) This module exploits a vulnerability in Microsoft Message Queue Service driver (MQAC.SYS). The IOCTL handler in the MQAC.SYS device driver allows local users to overwrite memory via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-1922 Denial of Service/Local Windows
07.14.2011 Microsoft Windows CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability DoS (MS11-056) This module exploits a vulnerability on Microsoft Windows "CSRSS.EXE" process and causes a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1283 Denial of Service/Local Windows
02.14.2011 Microsoft Windows Hyper-V VMBus Vulnerability DoS (MS10-102) This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3960 Denial of Service/Local Windows
06.03.2010 Microsoft Windows Exception Handler DoS (MS10-021) This module exploits a vulnerability in Microsoft Windows via a specially crafted call to the vulnerable function. CVE-2010-0810 Denial of Service/Local Windows
12.19.2013 Microsoft Windows Win32k Integer Overflow DoS (MS13-101) Update This module exploits a vulnerability in win32k.sys by calling to "NtGdiGetTextExtent" function with crafted parameters. This update adds support to Windows 2003 (32 and 64 bits), Windows Vista (32 and 64 bits), Windows 2008 (32 and 64 bits), Windows 7 64 bits, Windows 2008 R2, Windows 8 ( 32 and 64 bits) and Windows 2012. CVE-2013-5058 Denial of Service/Local Windows
05.16.2013 Microsoft Windows Win32k Divide Error Exception DoS (MS13-046) This module exploits a Windows kernel vulnerability calling to "NtGdiScaleViewportExtEx" function by using crafted parameters. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1334 Denial of Service/Local Windows
06.09.2014 Microsoft Windows Win32k Information Disclosure Vulnerability DoS (MS14-015) This module exploits a vulnerability in "win32k.sys" by calling to "NtUserValidateHandleSecure" function with crafted parameters. This is a documentation update from the original module "Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS". CVE-2014-0323 Denial of Service/Local Windows
06.16.2010 Microsoft Windows Registry SymLink DoS (MS010-021) This module exploits a denial of service vulnerability in the Windows kernel related to the way the kernel processes values of registry symbolic links. CVE-2010-0235 Denial of Service/Local Windows
06.13.2011 Microsoft Windows Hyper-V VMBus Non Responsiveness Vulnerability DoS (MS11-047) This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism producing a non responsiveness effect in the all virtual machines running at the time. CVE-2011-1872 Denial of Service/Local Windows
01.11.2012 Microsoft Windows TrueType Font Parsing Vulnerability DoS (MS11-087) Update This update adds support to Microsoft Windows Vista, Microsoft Windows 2008 and Microsoft Windows 7. When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. CVE-2011-3402 Denial of Service/Local Windows
04.19.2013 Microsoft Windows Win32k Font Parsing Vulnerability DoS (MS13-036) This module exploits a vulnerability in Windows kernel (win32k.sys) when a crafted TTF font is open. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1291 Denial of Service/Local Windows
12.05.2012 Microsoft Windows TrueType Font File Vulnerability DoS (MS12-075) This module causes a BSOD in Microsoft Windows when parsing a specially crafted .TTF font file. CVE-2012-2897 Denial of Service/Local Windows

Pages