CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
09.28.2008 Acoustica Beatcraft BCPROJ Buffer Overflow Exploit Acoustica Beatcraft contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Acoustica Beatcraft when handling .BCPROJ files. CVE-2008-4087 Exploits/Client Side
09.24.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. CVE-2008-4193 Exploits/Remote Windows
09.22.2008 Acoustica MP3 CD Burner ASX Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing malformed ASX playlist files. This can be exploited to cause a stack-based buffer overflow tricking a user into opening a specially crafted playlist file containing a ref tag with an overly long href attribute. CVE-2007-3006 Exploits/Client Side
09.21.2008 Microsoft Jet Database Engine Buffer Overflow Exploit Update This module exploits a vulnerability in Microsoft Jet Database (msjet40.dll) through a Microsoft Word document. The vulnerability is caused due to a boundary error in msjet40.dll within the processing of MDB files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This update corrects documentation. CVE-2008-1092 Exploits/Client Side Windows
09.19.2008 Microsoft Windows GDI Plus WMF Buffer Overflow Exploit (MS08-052) When the method WmfEnumState::DibCreatePatternBrush in the GDI Plus library processes a WMF file with a malformed CreatePatternBrush record, this produces a stack overflow. CVE-2008-3014 Exploits/Client Side Windows
09.18.2008 Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. This version add support for Windows 2003 and all systems with DEP enabled. CVE-2008-0871 Exploits/Remote Windows
09.16.2008 Acoustica Mixcraft MX4 Buffer Overflow Exploit Acoustica Mixcraft is prone to a buffer-overflow vulnerability in the handling of .MX4 project files, because the application fails to bounds-check user-supplied data, before copying it into an insufficiently sized buffer. CVE-2008-3877 Exploits/Client Side Windows
09.16.2008 BlazeDVD PLF Playlist Buffer Overflow Exploit BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files. CVE-2006-6199 Exploits/Client Side Windows
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
09.11.2008 Adobe PDF JavaScript Buffer Overflow Exploit Update 3 This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in collectEmailInfo() method in EScript.api. This can be exploited to cause a stack-based buffer overflow when a specially crafted PDF file is opened. This update adds support for Mac OS X 10.4.x and 10.5.x. CVE-2007-5659 Exploits/Client Side Windows, Mac OS X
09.10.2008 Microsoft Windows Image Color Management Exploit (MS08-046) This module exploits a heap overflow vulnerability in the OpenColorProfileW function of mscms.dll through a malformed EMF file embedded in an HTML file. CVE-2008-2245 Exploits/Client Side Windows
09.10.2008 Microsoft Windows Media Encoder Buffer Overflow Exploit (MS08-053) Update This module exploits a stack-based buffer overflow in the wmex.dll ActiveX Control included in Microsoft Windows Media Encoder 9. CVE-2008-3008 Exploits/Client Side Windows
09.08.2008 Microsoft Windows Media Encoder Buffer Overflow Exploit (MS08-053) This module exploits a stack-based buffer overflow in the wmex.dll ActiveX Control included in Microsoft Windows Media Encoder 9. CVE-2008-3008 Exploits/Client Side Windows
09.04.2008 Microsoft Visual Studio Masked Edit Control Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the msmask32.ocx ActiveX Control included in Microsoft Visual Studio 6. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. CVE-2008-3704 Exploits/Client Side Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
09.03.2008 VMware VMCI Arbitrary Code Execution Vulnerability Exploit Using the VMWare VMCI Arbitrary Code Execution vulnerability it is possible run code in the host machine. This module sends a malformed message through hardware port to host exploiting the vmware-vmx.exe process and installing an agent. CVE-2008-2099 Exploits/Local Windows
09.03.2008 IrfanView Formats Plugin IFF Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the Formats plug-in (Formats.dll) when handling IFF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted IFF file. CVE-2007-2363 Exploits/Client Side
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
08.28.2008 Anzio Web Print Object Buffer Overflow Exploit This module exploits a vulnerability in the PWButtonXControl1.ocx control included in the Anzio Web Print Object application. The exploit is triggered when the mainuri property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-3480 Exploits/Client Side Windows
08.21.2008 Microsoft Office Excel Exploit (MS08-043) This module exploits an error during processing of FORMAT records when loading Excel files into memory that can be exploited to corrupt memory via a specially crafted XLS file containing an out-of-bounds array index. CVE-2008-3005 Exploits/Client Side Windows
08.20.2008 IBM Lotus Domino Accept-Language Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Lotus Domino HTTP server (nHTTP.exe) by sending a specially crafted GET request. CVE-2008-2240 Exploits/Remote Windows
08.20.2008 Netscape Portable Runtime Environment Log File Overwrite Exploit Update This package updates the Netscape Portable Runtime Environment Log File Overwrite Exploit CVE-2006-4842 Exploits/Local Solaris
08.14.2008 Microsoft Office PowerPoint Viewer Exploit (MS08-051) This module exploits a memory allocation error in Microsoft PowerPoint Viewer 2003 that allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption. CVE-2008-0120 Exploits/Client Side Windows
07.30.2008 Microsoft IGMPv3 Exploit (MS08-001) This exploit installs an agent using an overflow vulnerability located in Microsoft Windows tcpip.sys CVE-2007-0069 Exploits/Remote Windows
07.29.2008 Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. CVE-2008-0871 Exploits/Remote Windows
07.28.2008 XnView TAAC Buffer Overflow Exploit A security vulnerability with the way XnView processes TAAC files may allow a remote unprivileged user who provides a TAAC document that is opened or previewed by a local user to execute arbitrary commands on the system with the privileges of the user running XnView. This can be exploited to cause a buffer overflow when a specially crafted file is opened or previewed in XnView. CVE-2008-2427 Exploits/Client Side Windows
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
07.20.2008 Mac OS X pppd Plugin Loading Privilege Escalation Exploit The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. CVE-2007-0752 Exploits/Local Mac OS X
07.17.2008 Download Accelerator Plus M3U Buffer Overflow Exploit This module exploits a vulnerability in Download Accelerator Plus when importing a M3U file (MP3 Playlist) and verify option is used, may allow a remote unprivileged user who provides a crafted M3U document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running Download Accelerator Plus. This can be exploited to cause a stack based buffer overflow when a specially crafted file is imported and the verify button is used in DAP. CVE-2008-3182 Exploits/Client Side Windows
07.14.2008 Adobe Photoshop BMP Exploit This module exploits a vulnerability in Adobe Photoshop products when a malformed .BMP file is parsed. CVE-2008-1765 Exploits/Client Side Windows

Pages