Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
04.17.2008 CA BrightStor Tape Engine Buffer Overflow Exploit update This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module. CVE-2007-0168 Exploits/Remote Windows
04.17.2008 WebApps SQL Injection updates This package updates WebApps' SQL Injection features to improve detection of a SQL Agent's capabilities, fix escaping of SQL statements for Oracle and SQL Server, add a new export command to the SQL Shell and improve its handling of empty result sets. Exploits/SQL Injection
04.16.2008 Windows .ANI file parsing Exploit Update An integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .BMP, .CUR, .ICO or .ANI file with a large image size field. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability by open it with Outlook or Outlook Express. When the victim reads the HTML message a .ANI file is requested to the exploit's web server. If the system is vulnerable an agent is installed exploiting a buffer overflow in the function that parses such file. CVE-2004-1049 Exploits/Client Side Windows
04.15.2008 Microsoft GDI EMF Exploit (MS08-021) This module exploits a stack-based buffer overflow in GDI in Microsoft Windows, allowing remote attackers to execute arbitrary code via a specially crafted EMF image file. WARNING: This is an early release module. CVE-2008-1087 Exploits/Client Side Windows
04.14.2008 Microsoft Office Memory Corruption Exploit (MS08-016) This module exploits a vulnerability in Microsoft Office (.PPT files). The vulnerability is caused due to a boundary error in mso.dll within the processing of PPT files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. CVE-2008-0118 Exploits/Client Side
04.14.2008 MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
04.13.2008 Microsoft Excel Macro Validation Exploit (MS08-014) update This module exploits a vulnerability in Microsoft Excel 2003 SP2 and earlier when parsing a malformed xls file. CVE-2008-0081 Exploits/Client Side Windows
04.10.2008 MPlayer stsc atom exploit Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. CVE-2008-0485 Exploits/Client Side Windows
04.07.2008 Microsoft Excel Macro Validation Exploit (MS08-014) This module exploits a vulnerability in Microsoft Excel 2003 SP2 and earlier when parsing a malformed xls file. CVE-2008-0081 Exploits/Client Side Windows
04.06.2008 Apache mod_php Exploit Update 2 This update fixes an issue with the 'reuse connection' mode on Impact V7.5 CVE-2002-0081 Exploits/Remote Linux
04.03.2008 Microsoft Works File Parsing WPS Buffer Overflow Exploit Update This module exploits a vulnerability in Microsoft Office (.WPS files). The vulnerability is caused due to boundary errors within the processing of WPS files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This update adds Windows 2000 and Windows 2003 as Supported Systems and fixes a small bug in the function that generate the files. CVE-2007-0216 Exploits/Client Side Windows
04.03.2008 MSRPC Trend Micro Server Protect buffer overflow exploit Update TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. This update corrects the actual exploited CVE number. CVE-2007-2508 Exploits/Remote Windows
03.31.2008 MSRPC Trend Micro Server Protect AddTaskExportLogItem() Exploit TrendMicro ServerProtect 5.58 with security patch 3 installed is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-6507 Exploits/Remote Windows
03.30.2008 FaceBook PhotoUploader ExtractIptc Exploit This module exploits a client-side command execution vulnerability in the ActiveX control of the FaceBook Image Uploader. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2008-0660 Exploits/Client Side Windows
03.25.2008 Symantec BackupExec Calendar Buffer Overflow Exploit This module exploits a vulnerability in the Symantec BackupExec Calendar Control (PVCalendar.ocx). When the _DOWText0 property processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. CVE-2007-6016 Exploits/Client Side Windows
03.25.2008 Microsoft Jet Database Engine Buffer Overflow Exploit This module exploits a vulnerability in Microsoft Jet Database (msjet40.dll) trough a Microsoft Word Document. The vulnerability is caused due to boundary error in msjet40.dll within the processing of mdb files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. CVE-2008-1092 Exploits/Client Side
03.17.2008 Trend Micro OfficeScan Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Trend Micro OfficeScan Corporate Edition when processing passwords with cgiChkMasterPwd.exe vulnerable module. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1365 Exploits/Remote Windows
03.13.2008 Microsoft Office Web Components Exploit (MS08-017) This module exploits a stack-based buffer overflow in the Microsoft Office Web Components. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-4695 Exploits/Client Side Windows
03.12.2008 MSRPC Novell Netware Client EnumPrinters() Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent. CVE-2008-0639 Exploits/Remote Windows
03.12.2008 MSRPC UMPNPMGR MS05-039 exploit update This module exploits a stack buffer overflow in the Microsoft Windows Plug and Play service and installs an agent (MS05-039). This update fixes a problem when launching the exploit with the PROTO parameter set to 139/SMB or 445/SMB (instead of the default value ANY). CVE-2005-1983 Exploits/Remote Windows
03.11.2008 WireShark SNMP Dissector DoS This module exploits a vulnerability in the WireShark SNMP dissector, sending a specially crafted SNMP packet, causing WireShark to crash. CVE-2008-1071 Denial of Service/Remote Windows
03.09.2008 SurgeMail Mail Server Exploit This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1054 Exploits/Remote Windows
03.05.2008 Rosoft Media Player M3U Stack-Based Buffer Overflow Exploit Rosoft Media Player is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input of M3U files. CVE-2007-6478 Exploits/Client Side Windows
03.05.2008 Adobe PDF JavaScript Buffer Overflow Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary error in collectEmailInfo() method in EScript.api. This can be exploited to cause a stack-based buffer overflow when a specially crafted PDF file is opened. CVE-2007-5659 Exploits/Client Side Windows
03.04.2008 Linux X.org MIT-SHM Extension Privilege Escalation Exploit This module exploits a integer overflow condition on local X.org servers with MIT-SHM extension activated. CVE-2007-6429 Exploits/Local Linux
02.28.2008 Novell iPrint ExecuteRequest() Exploit This module exploits a vulnerability in the ienipp.ocx control included in Novell iPrint Client v4.32 and prior. The exploit is triggered when the ExecuteRequest() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-0935 Exploits/Client Side Windows
02.26.2008 ACDSee XPM File Handling Buffer Overflow Exploit This module exploits a vulnerability in ACDSee Products (ID_X.apl plugin). The vulnerability is caused due to boundary error in ID_X.apl within the processing of xpm files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. CVE-2007-2193 Exploits/Client Side Windows
02.24.2008 VMware Shared Folders Directory Traversal Exploit This module exploits a vulnerability in VMware shared folders. CVE-2008-0923 Exploits/Local Windows
02.24.2008 IncrediMail ActiveX Exploit Update Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. This update improves the exploit reliability. CVE-2007-1683 Exploits/Client Side Windows
02.17.2008 Microsoft IIS MS08-006 exploit This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. WARNING: This is an early release module. CVE-2008-0075 Exploits/Local Windows

Pages