Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
02.27.2013 Adobe Acrobat Reader acroform.api Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to memory corruption method in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-0640 Exploits/Client Side Windows
08.05.2009 Adobe Acrobat Reader and Flash Player Code Execution Exploit Adobe Acrobat Reader, and Flash Player are prone to a remote code-execution by supplying a malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1862 Exploits/Client Side Windows
06.07.2010 Adobe Acrobat Reader authplay Exploit This module exploits a vulnerability in Adobe Reader when parsing .PDF files. The vulnerability is caused due to a boundary error in authplay.dll when handling crafted malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-1297 Exploits/Client Side Windows
07.14.2011 Adobe Acrobat Reader x3d Buffer Overflow Exploit An specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by both tesselate.x3d and 3difr.x3d plugins. CVE-2011-2094 Exploits/Client Side Windows
02.13.2011 Adobe Acrobat X Pro updaternotifications DLL Hijacking Exploit Adobe Acrobat X Pro is prone to a vulnerability that may allow the execution of any library file named updaternotifications.dll, if this dll is located in the same folder as a .PDF file. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. NOCVE-9999-47141 Exploits/Client Side Windows
09.29.2013 Adobe ColdFusion APSB13-03 Remote Code Execution Exploit Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows. CVE-2013-0625 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux
11.30.2010 Adobe Device Central CS4 ibfs32 DLL Hijacking Exploit Adobe Device Central CS4 is prone to a vulnerability that may allow execution of ibfs32.dll if this dll is located in the same folder than .ADCP file. NOCVE-9999-45896 Exploits/Client Side Windows
12.01.2010 Adobe Device Central CS5 dwmapi DLL Hijacking Exploit Adobe Device Central CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .ADCP file. NOCVE-9999-45902 Exploits/Client Side Windows
11.30.2010 Adobe Dreamweaver CS5 dwmapi DLL Hijacking Exploit Adobe Dreamweaver CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .DWT file. CVE-2010-3132 Exploits/Client Side Windows
12.01.2010 Adobe ExtendScript Toolkit dwmapi DLL Hijacking Exploit Adobe ExtendScript Toolkit is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .JSX file. NOCVE-9999-45897 Exploits/Client Side Windows
12.01.2010 Adobe Extension Manager CS5 dwmapi DLL Hijacking Exploit Adobe Extension Manager CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .MXI file. CVE-2010-3154 Exploits/Client Side Windows
01.25.2013 Adobe Flash Player ActiveX SWF Memory Corruption Exploit This module exploits a memory corruption vulnerability in Adobe Flash Player when parsing a specially crafted .SWF file, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. CVE-2012-5271 Exploits/Client Side Windows
07.05.2011 Adobe Flash Player Arguments Indexing Exploit Flash Player is prone to a memory corruption vulnerability that is caused by the lack of bounds-checking when indexing the arguments of a function. This can be exploited to execute arbitrary code by enticing an unsuspecting user to visit a malicious Web page containing a specially crafted SWF file. This exploit bypasses ASLR and DEP in order to deploy an agent. CVE-2011-2110 Exploits/Client Side Windows
05.04.2014 Adobe Flash Player AVM2 Integer Underflow Exploit This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0497 Exploits/Client Side Windows
06.01.2014 Adobe Flash Player AVM2 Integer Underflow Exploit Update This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. This update adds support for Windows 7 x64, Windows Server 2008 x64 and Windows Server 2008 R2 x64. CVE-2014-0497 Exploits/Client Side Windows
09.19.2010 Adobe Flash Player Content Processing Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2884 Exploits/Client Side Windows
04.26.2009 Adobe Flash Player Linux Command Injection Exploit This module exploits a command injection in Adobe Flash Player triggered when processing a specially crafted SWF file. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit needs the product Adobe Air (Any version) installed on the vulnerable system. CVE-2008-5499 Exploits/Client Side Linux
03.27.2012 Adobe Flash Player MP4 cprt Buffer Overflow Exploit A memory corruption vulnerability in Adobe Flash Player allows attackers to execute arbitrary code sending a crafted MP4 file. CVE-2012-0754 Exploits/Client Side Windows
02.06.2012 Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow Exploit A buffer overflow vulnerability when handling MP4 files that lead to code execution. CVE-2011-2140 Exploits/Client Side Windows
05.07.2014 Adobe Flash Player Pixel Bender Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player in the flash.Display.Shader class when setting a Pixel Bender Filte as the Shader bytecode. This vulnerability has been found exploited in-the-wild during April 2014. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0515 Exploits/Client Side Windows
03.09.2014 Adobe Flash Player SharedObject Use-After-Free Exploit Adobe Flash Player is prone to a use-after-free vulnerability when finishing a Worker thread containing a SharedObject. This vulnerability can be exploited to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a web site containing a specially crafted SWF file. CVE-2014-0502 Exploits/Client Side Windows
05.28.2008 Adobe Flash Player SWF Buffer Overflow Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. CVE-2007-0071 Exploits/Client Side Windows
07.07.2008 Adobe Flash Player SWF Buffer Overflow Exploit Update This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This update adds support for Windows Vista. CVE-2007-0071 Exploits/Client Side Windows
09.10.2009 Adobe Flash Player SWF Buffer Overflow Exploit Update 2 This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This update resolves an issue with how the exploit uses client side cookies. CVE-2007-0071 Exploits/Client Side Windows
07.27.2009 Adobe Flash Player SWF Content Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1862 Exploits/Client Side Windows
11.02.2009 Adobe Flash Player SWF Content Exploit Update This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. This update adds support for One Link Multiple Clientsides. CVE-2009-1862 Exploits/Client Side Windows
04.11.2011 Adobe Flash Player SWF File Memory Corruption Exploit Adobe Flash Player is prone to a memory corruption vulnerability when parsing a specially crafted .SWF file, which can be exploited by remote attackers to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. This vulnerability has been found exploited in-the-wild during April 2011. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-0611 Exploits/Client Side Windows
05.04.2011 Adobe Flash Player SWF File Memory Corruption Exploit Update Adobe Flash Player is prone to a memory corruption vulnerability when parsing a specially crafted .SWF file, which can be exploited by remote attackers to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. This vulnerability has been found exploited in-the-wild during April 2011. This update adds support for Windows Seven. CVE-2011-0611 Exploits/Client Side Windows

Pages