CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

| Released Date | Title | Description | Vulnerability | Category | Platform |
|---|---|---|---|---|---|
| 07.04.2012 | FreeBSD Sysret Instruction Privilege Escalation Exploit | On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges. | CVE-2012-0217 | Exploits/Local | FreeBSD |
| 07.03.2012 | Netmechanica NetDecision HTTP Server Buffer Overflow Exploit Update | A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successful exploitation, the victim needs to have the HttpSvr window open. This version adds the CVE number. | CVE-2012-1465 | Exploits/Remote | Windows |
| 07.02.2012 | Adobe Flash Player _error Object Confusion Exploit | This module exploits an object type confusion vulnerability in Adobe Flash Player. The specific error occurs due to the way Adobe Flash handles the AMF0 response (_error) when connecting to a malicious RTMP server. By supplying a crafted AMF0 response it is possible to execute arbitrary code in the context of the vulnerable application. | CVE-2012-0779 | Exploits/Client Side | Windows |
| 07.02.2012 | Apple QuickTime TeXML Stack Buffer Overflow Exploit Update | When Apple QuickTime Player handles a crafted TeXML file, it is possible to trigger a stack-based buffer overflow. This update bypasses DEP for Internet Explorer 8 support and for executing the mov file directly in QuickTime Player. | CVE-2012-0663 | Exploits/Client Side | Windows |
| 07.01.2012 | Symantec Web Gateway PHP Injection Exploit | This module exploits a remote code execution vulnerability in Symantec Web Gateway by using a log injection and a local file inclusion to run an arbitrary PHP script. | CVE-2012-0297 | Exploits/Remote | Linux |
| 07.01.2012 | Microsoft Internet Explorer XML Core Services MSXML Uninitialized Memory Exploit | Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0, as used by Internet Explorer, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code by enticing an unsuspecting user to visit a specially crafted web site. | CVE-2012-1889 | Exploits/Client Side | Windows |
| 06.28.2012 | Apple QuickTime TeXML Stack Buffer Overflow Exploit | When Apple QuickTime Player handles a crafted TeXML file, it is possible to trigger a stack-based buffer overflow. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2012-0663 | Exploits/Client Side | Windows |
| 06.28.2012 | IrfanView Formats Plugin TTF File Buffer Overflow Exploit | The vulnerability is caused by a boundary error within the Formats plug-in (Formats.dll) when handling TTF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted TTF file. | NOCVE-9999-52592 | Exploits/Client Side | Windows |
| 06.26.2012 | Microsoft Internet Explorer HTML Object Memory Corruption Exploit (MS10-002) | This module exploits a use-after-free vulnerability in the MSHTML component in Internet Explorer. The specific error occurs due to the way Internet Explorer handles objects in memory. It is possible to use a pointer in CTableRowCellsCollectionCacheItem::GetNext after it gets freed and get remote code execution. This vulnerability was one of the 2012 Pwn2Own challenges. | CVE-2010-0248 | Exploits/Client Side | Windows |
| 06.26.2012 | Apple Itunes M3U File Buffer Overflow Exploit | Apple iTunes is prone to a buffer overflow when handling M3U files with an overly long string. | CVE-2012-0677 | Exploits/Client Side | Windows |
| 06.26.2012 | EZHomeTech EzServer Buffer Overflow Exploit | EzServer is prone to a buffer overflow when handling packets with an overly long string. | NOCVE-9999-52789 | Exploits/Remote | Windows |
| 06.24.2012 | ABB Robot Communications Runtime Buffer Overflow Exploit | A buffer overflow exists in a component of the Robot Communication Runtime used in some ABB programs for the communications to the IRC5, IRC5C, and IRC5P robot controllers. This version adds the CVE number. | CVE-2012-0245 | Exploits/Remote | Windows |
| 06.21.2012 | PHP-CGI Argument Injection Exploit Update | This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. | CVE-2012-1823 | Exploits/Remote | Windows, OpenBSD, Linux, FreeBSD |
| 06.21.2012 | VLC Media Player libmodplug Buffer Overflow Exploit Update | VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user-supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. This version adds the CVE number. | CVE-2011-1574 | Exploits/Client Side | Windows |
| 06.20.2012 | Asterisk HTTP Digest DoS | This module triggers a stack corruption vulnerability in Asterisk by sending a malformed packet to the 8088/TCP port. | CVE-2012-1184 | Denial of Service/Remote | Solaris, Linux |
| 06.20.2012 | VideoSpirit Pro Buffer Overflow Exploit Update | VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused by an incorrect check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This update adds the CVE number. | CVE-2011-0499 | Exploits/Client Side | Windows |
| 06.20.2012 | Diamond Programmer XCF File Processing Buffer Overflow Exploit | Diamond Programmer is prone to a buffer overflow when handling specially crafted XCF files with an overly long string. | CVE-2012-2614 | Exploits/Client Side | Windows |
| 06.17.2012 | GIMP script-fu Server Buffer Overflow Exploit | There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program), triggered by sending a crafted packet to port 10008. | CVE-2012-2763 | Exploits/Remote | Windows, Linux |
| 06.13.2012 | MicroP MPPL File Buffer Overflow Exploit | MicroP is prone to a buffer overflow when handling MPPL files with an overly long string. | NOCVE-9999-52553 | Exploits/Client Side | Windows |
| 06.11.2012 | Cisco Linksys PlayerPT ActiveX Control Buffer Overflow Exploit | This module exploits a vulnerability in the PlayerPT.ocx module included in the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera application. The exploit is triggered when the SetSource() method processes a crafted argument, resulting in a buffer overflow. | CVE-2012-0284 | Exploits/Client Side | Windows |
| 06.11.2012 | RabidHamster R4 Log Entry sprintf Buffer Overflow Exploit | A stack overflow in RabidHamster R4's web server is triggered by supplying a malformed HTTP request when generating a log. | NOCVE-9999-52541 | Exploits/Remote | Windows |
| 06.10.2012 | Apple QuickTime QTVR QTVRStringAtom Buffer Overflow Exploit | The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a buffer overflow and execute arbitrary code under the context of the user running the application. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2012-0667 | Exploits/Client Side | Windows |
| 06.07.2012 | IBM Tivoli Provisioning Manager Express for Software ActiveX Buffer Overflow Exploit Update 2 | A flaw exists within the way the IBM Tivoli Provisioning Manager Express for Software ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server. This update corrects the CVE number, adds support for Internet Explorer 8 and disables DEP. This update improves the exploit. | CVE-2012-0198 | Exploits/Client Side | Windows |
| 06.06.2012 | IBM Tivoli Provisioning Manager Express for Software ActiveX Buffer Overflow Exploit Update | A flaw exists within the way the IBM Tivoli Provisioning Manager Express for Software ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server. This update corrects the CVE number, adds support for Internet Explorer 8 and disables DEP. | CVE-2012-0198 | Exploits/Client Side | Windows |
| 06.06.2012 | MSRPC DCOM Exploit Update 2 | This update adds MS03-026 in XML. | CVE-2003-0352 | Exploits/Remote | Windows |
| 06.06.2012 | AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 | The vulnerability is caused by a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. | CVE-2006-6184 | Exploits/Remote | Windows |
| 06.06.2012 | Adobe Photoshop Collada Asset Elements Buffer Overflow Exploit | Adobe Photoshop CS5.1 is prone to a Unicode overflow which occurs when overlong asset elements are processed. | CVE-2012-2052 | Exploits/Client Side | Windows |
| 06.05.2012 | Samba Username Map Script Command Injection Exploit Update | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. This update adds Solaris support. | CVE-2007-2447 | Exploits/Remote | Solaris, Linux |
| 06.04.2012 | OpenSSH unexpected PAM authentication exploit Update | This module exploits an error in the PAM authentication code and installs an agent into the target host. This update improves the reliability of the exploit. | CVE-2003-0786 | Exploits/Remote | Solaris, Linux |
| 05.31.2012 | HP Easy Printer Care XMLCacheMgr Class ActiveX Control Code Execution Exploit | This module allows remote attackers to place arbitrary files on a user's file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then uploading another mof file, which enables the Windows Management Instrumentation service to execute the vbs. | CVE-2011-4786 | Exploits/Client Side | Windows |