Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort ascending Platform
06.03.2013 HP Intelligent Management FaultDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the FaultDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5202 Exploits/Remote File Disclosure Windows
06.03.2013 HP Intelligent Management IctDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the IctDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5204 Exploits/Remote File Disclosure Windows
10.22.2012 SQL Injection Analyzer Update 2 Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. this update is for 12.5. Exploits/SQL Injection/Analyzer
08.01.2012 SQL Injection Analyzer Update Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. The module can be configured to look for vulnerabilities in GET & POST parameters and cookies. This update adds an additional trigger to the FAST set of SQL injection triggers for the SQL Injection analyzer to use. Exploits/SQL Injection/Analyzer
10.26.2011 iPhone Buffer Overflow Exploit Update This module updates the platform names and adds the CVE references for the iPhone Exploit. CVE-2011-0227 Exploits/Client Side/Mobile
03.07.2012 Android Webkit Floating Point Datatype Exploit WebKit in Android 2.1 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. Exploits/Client Side/Mobile
04.08.2014 AV Shell improvement This update is to increase the realiability of AV shell module. Post Exploitation
11.06.2011 Remote Network Interface Performance Enhancements v12 Rev 1 Added some performance enhancements for the Remote Network Interface module. Post Exploitation
05.31.2011 Network Post Exploitation improvements v11 rev1 This update improves reliability of "Pass The Hash", "Who is There" and "Remote Desktop Access" modules, which happened to have problems when executed in the context of an agent running as SYSTEM user. Post Exploitation
05.22.2011 Microsoft Windows OpenType Font Double Free DoS (MS10-091) A double free vulnerability in the OpenType Font (OTF) driver in Windows could allow local users to escalate their privileges via a specially crafted OpenType font. CVE-2010-3957 Denial of Service/Local Windows
01.04.2012 Microsoft Windows TrueType Font Parsing Vulnerability DoS (MS11-087) When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3402 Denial of Service/Local Windows
10.12.2010 Microsoft Windows OpenType Font Validation DoS (MS10-078) This module exploits a vulnerability in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2741 Denial of Service/Local Windows
09.22.2009 Microsoft Windows MSMQ Null Pointer DoS (MS09-040) This module exploits a vulnerability in Microsoft Message Queue Service driver (MQAC.SYS). The IOCTL handler in the MQAC.SYS device driver allows local users to overwrite memory via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-1922 Denial of Service/Local Windows
07.14.2011 Microsoft Windows CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability DoS (MS11-056) This module exploits a vulnerability on Microsoft Windows "CSRSS.EXE" process and causes a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1283 Denial of Service/Local Windows
02.14.2011 Microsoft Windows Hyper-V VMBus Vulnerability DoS (MS10-102) This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3960 Denial of Service/Local Windows
06.03.2010 Microsoft Windows Exception Handler DoS (MS10-021) This module exploits a vulnerability in Microsoft Windows via a specially crafted call to the vulnerable function. CVE-2010-0810 Denial of Service/Local Windows
12.19.2013 Microsoft Windows Win32k Integer Overflow DoS (MS13-101) Update This module exploits a vulnerability in win32k.sys by calling to "NtGdiGetTextExtent" function with crafted parameters. This update adds support to Windows 2003 (32 and 64 bits), Windows Vista (32 and 64 bits), Windows 2008 (32 and 64 bits), Windows 7 64 bits, Windows 2008 R2, Windows 8 ( 32 and 64 bits) and Windows 2012. CVE-2013-5058 Denial of Service/Local Windows
05.16.2013 Microsoft Windows Win32k Divide Error Exception DoS (MS13-046) This module exploits a Windows kernel vulnerability calling to "NtGdiScaleViewportExtEx" function by using crafted parameters. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1334 Denial of Service/Local Windows
06.09.2014 Microsoft Windows Win32k Information Disclosure Vulnerability DoS (MS14-015) This module exploits a vulnerability in "win32k.sys" by calling to "NtUserValidateHandleSecure" function with crafted parameters. This is a documentation update from the original module "Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS". CVE-2014-0323 Denial of Service/Local Windows
06.16.2010 Microsoft Windows Registry SymLink DoS (MS010-021) This module exploits a denial of service vulnerability in the Windows kernel related to the way the kernel processes values of registry symbolic links. CVE-2010-0235 Denial of Service/Local Windows
06.13.2011 Microsoft Windows Hyper-V VMBus Non Responsiveness Vulnerability DoS (MS11-047) This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism producing a non responsiveness effect in the all virtual machines running at the time. CVE-2011-1872 Denial of Service/Local Windows
01.11.2012 Microsoft Windows TrueType Font Parsing Vulnerability DoS (MS11-087) Update This update adds support to Microsoft Windows Vista, Microsoft Windows 2008 and Microsoft Windows 7. When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. CVE-2011-3402 Denial of Service/Local Windows
04.19.2013 Microsoft Windows Win32k Font Parsing Vulnerability DoS (MS13-036) This module exploits a vulnerability in Windows kernel (win32k.sys) when a crafted TTF font is open. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1291 Denial of Service/Local Windows
12.05.2012 Microsoft Windows TrueType Font File Vulnerability DoS (MS12-075) This module causes a BSOD in Microsoft Windows when parsing a specially crafted .TTF font file. CVE-2012-2897 Denial of Service/Local Windows
08.19.2010 Microsoft Windows CreateDIBPalette Local DoS This module exploits a vulnerability in Microsoft Windows via a specially crafted call to the vulnerable function CreateDIBPalette. CVE-2010-2739 Denial of Service/Local Windows
06.14.2011 Microsoft Windows Win32k OTF Validation DoS (MS11-041) This module causes a BSOD in Microsoft Windows when parsing a specially crafted OpenType font file. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1873 Denial of Service/Local Windows
01.16.2014 Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS This module exploits a vulnerability in win32k.sys calling win32k!IsHandleEntrySecure function with crafted parameters. NOCVE-9999-60893 Denial of Service/Local Windows
08.08.2010 Avast Internet Security aswFW.sys Driver IOCTL Handling Local DoS Avast! Internet Security is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause denial-of-service conditions. NOCVE-9999-44673 Denial of Service/Local Windows
03.13.2011 Microsoft Windows Hyper-V VMBus Vulnerability DoS (MS10-102) Update This module adds support to Microsoft Windows 2003, Microsoft Windows Vista and Microsoft Windows Seven as a "guest OS". This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism. CVE-2010-3960 Denial of Service/Local Windows
10.12.2011 Microsoft Windows Win32k Null Pointer Dereference DoS (MS11-077) This module exploits a vulnerability on win32k.sys sending a crafted message from user to kernel. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1985 Denial of Service/Local Windows

Pages