Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
12.22.2008 Microsoft Works wkimgsrv.dll Memory Corruption Exploit This module exploits a vulnerability in the wkimgsrv.dll control shipped with Microsoft Works and many Microsoft Office Suites. The exploit is triggered when the WksPictureInterface() method processes a number as argument resulting in a memory corruption. The WksPictureInterface(), in certain circumstances, points to an invalid memory address that can be controlled to gain code execution. CVE-2008-1898 Exploits/Client Side Windows
12.22.2008 WFTPD Server SIZE Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. CVE-2006-4318 Exploits/Remote
12.21.2008 Microsoft Windows SMB Credential Reflection Exploit (MS08-068) This module implements the SMB Relay attack to install an agent in the target machine. CVE-2008-4037 Exploits/Local Windows
12.18.2008 MiniShare HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes. CVE-2004-2271 Exploits/Remote Windows
12.17.2008 BadBlue HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2007-6377 Exploits/Remote Windows
12.16.2008 Realtek Media Player Playlist Buffer Overflow Exploit Realtek Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .PLA files. NOCVE-9999-0139 Exploits/Client Side
12.14.2008 Mercury IMAPD Login Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2006-5961 Exploits/Remote Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
12.11.2008 ProSysInfo TFTPDWIN Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of requested resources to cause a stack-based buffer overflow by requesting a resource with an overly long name. CVE-2006-4948 Exploits/Remote Windows
12.10.2008 Opera file URI Handling Buffer Overflow Exploit Opera is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. CVE-2008-5178 Exploits/Client Side Windows
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
12.09.2008 Microsoft Internet Explorer XML Buffer Overflow Exploit This module exploits a buffer overflow in Internet Explorer 7 when handling malformed XML data. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2008-4844 Exploits/Client Side Windows
12.09.2008 Mercury PH Server Module Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 PH Server Module (mercuryh.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2005-4411 Exploits/Remote Windows
12.08.2008 SAdminD Buffer Overflow Exploit This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. CVE-2008-4556 Exploits/Remote Solaris
12.04.2008 RadAsm WindowCallProcA Pointer Hijack Exploit The vulnerability is caused due to a boundary error in the processing of .RAP files. This can be exploited to cause a stack-based buffer overflow by tricking a user into decoding a specially crafted .RAP file. CVE-2000-0079 Exploits/Client Side
12.03.2008 SNMPc Trap Packet Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful. CVE-2008-2214 Exploits/Remote Windows
12.02.2008 FutureSoft TFTP Server 2000 Buffer Overflow Exploit This module exploits a buffer overflow in FutureSoft TFTP Server, that allows remote attackers to execute arbitrary code via a long malformed filename. CVE-2005-1812 Exploits/Remote Windows
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
11.30.2008 Easy File Sharing FTP Server PASS Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of passwords. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted passwords passed to the affected server. CVE-2006-3952 Exploits/Remote Windows
11.24.2008 RealVNC 4.1.1 Authentication Exploit Update This exploit simulates a RealVNC client and establishes a connection with a Real VNC server without using a password. After that, it opens a console, writes the exploit and executes it in ntsd.exe CVE-2006-2369 Exploits/Remote Windows
11.23.2008 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. CVE-2008-4038 Exploits/Remote Windows
11.19.2008 BitTorrent Created By Tag Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of .TORRENT files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .TORRENT file containing an overly long Created By field. CVE-2008-4434 Exploits/Client Side
11.19.2008 Oracle WebLogic Server Apache Connector Exploit Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). CVE-2008-3257 Exploits/Remote Windows, AIX
11.17.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 2 This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. CVE-2008-4250 Exploits/Remote Windows
11.16.2008 Adobe PDF URI Handler Exploit Update This module exploits a vulnerability in Adobe Reader and Acrobat 8.1.0 and earlier on systems with Internet Explorer 7 installed. This update adds support for WEB SERVER. CVE-2007-5020 Exploits/Client Side Windows
11.10.2008 mIRC Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of PRIVMSG IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server. CVE-2008-4449 Exploits/Client Side Windows
11.09.2008 Kantaris Buffer Overflow Subtitle Exploit This module exploits a vulnerability in Kantaris and installs an agent. CVE-2007-6681 Exploits/Client Side Windows
11.09.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This update improves exploit reliability. CVE-2008-4654 Exploits/Client Side Windows
11.06.2008 Adobe Reader printf Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the util.printf() JavaScript function. This update improves exploit reliability and fixes a cookie handling bug. CVE-2008-2992 Exploits/Client Side Windows
11.05.2008 UltraISO CUE Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the parsing of .CUE files, this can be exploited to cause a stack-based buffer overflow via a .CUE file with an overly long file string. CVE-2007-2888 Exploits/Client Side

Pages