Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.28.2012 VMware ESX RetrieveProperties Remote DoS Update The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. This update adds the correct CVE number. CVE-2012-5703 Denial of Service/Remote
03.04.2012 Linux IGMPv3 DoS A flaw was found in the Linux kernels IPv4 IGMP query processing. This module exploit this to cause a denial of service. CVE-2012-0207 Denial of Service/Remote Linux
08.23.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) Update 2 This update adds support to Microsoft Windows Vista and Microsoft Windows 2008. This module exploits a vulnerability in win32k.sys when a "window" is created. CVE-2010-0485 Exploits/Local Windows
05.21.2013 Microsoft Windows Win32k Buffer Overflow Exploit (MS13-046) This module exploits a vulnerability in Windows kernel calling to "DisplayConfigGetDeviceInfo" function with crafted parameters. CVE-2013-1333 Exploits/Local Windows
10.06.2013 Microsoft Windows Telephony Service exploit Update This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0058 Exploits/Local Windows
11.14.2011 Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
01.13.2016 Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 3 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433). CVE-2015-2426 Exploits/Local Windows
09.11.2011 Microsoft WINS Input Validation Exploit (MS11-070) This module exploits a vulnerability on Microsoft WINS service sending crafted UDP packets to the WINS-RPC local port. CVE-2011-1984 Exploits/Local Windows
06.11.2015 QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. CVE-2015-3456 Exploits/Local Linux
01.15.2013 FreeBSD Kernel linux_ifconf Local Privilege Escalation Exploit This module exploits a kernel memory corruption in the Linux compatibility layer. CVE-2012-4576 Exploits/Local FreeBSD
11.11.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update 2 This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms. CVE-2014-4113 Exploits/Local Windows
08.22.2012 Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
07.27.2015 Microsoft Windows Kernel Use After Free Vulnerability Exploit (MS15-061) This module exploits an "Use After Free" vulnerability in win32k.sys by calling to "SetClassLong" function with crafted parameters CVE-2015-1724 Exploits/Local Windows
10.31.2006 Netscape Portable Runtime Environment log file overwrite exploit This module exploits a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, and allows attackers to create or overwrite arbitrary files on the system. CVE-2006-4842 Exploits/Local Solaris
02.13.2013 Solaris LD_AUDIT Privilege Escalation Exploit Update This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. This module exploits the vulnerability and installs an agent with root privileges. This update resolves an issue where the module could erroneously install agents in non-vulnerable systems. CVE-2005-2072 Exploits/Local Solaris
07.31.2005 Solaris LD_AUDIT exploit This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. CVE-2005-2072 Exploits/Local Solaris
05.23.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
02.03.2015 Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070) The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver. CVE-2014-4076 Exploits/Local Windows
01.20.2014 VMware VMCI Privilege Escalation Exploit When the "vmci.sys" driver processes a crafted call from user an array index out of bound is exploited CVE-2013-1406 Exploits/Local Windows
11.14.2010 Microsoft Windows Task Scheduler Service Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3338 Exploits/Local Windows
08.13.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) Update This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits. CVE-2013-3660 Exploits/Local Windows
03.20.2007 Windows Shell Hardware Detection exploit This module exploits a vulnerability in the 'detection and registration of new hardware' function of the Windows Shell; the vulnerability is exposed by a parameter that is not properly validated. The exploit allows a local user to escalate their privileges on a compromised Windows XP or Windows 2003 system. CVE-2007-0211 Exploits/Local Windows
04.05.2009 FreeBSD Kernel Protosw Privilege Escalation Exploit The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail. CVE-2008-5736 Exploits/Local FreeBSD
06.15.2006 Xorg Privilege Escalation Exploit X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. CVE-2006-0745 Exploits/Local
09.12.2011 Microsoft Internet Explorer File Integrity Level Protected Mode Bypass Privilege Escalation Exploit (MS11-057) The Protected Mode of Microsoft Internet Explorer can be bypassed by exploiting a logical flaw when checking the Integrity Level of a file. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to install a new agent that will run with Medium Integrity Level. CVE-2011-1347 Exploits/Local Windows
06.15.2015 VMware Workstation Printer Escape Vulnerability Exploit This module exploits a vulnerability in the VMware printer virtual device from the guest OS and install an agent in the host computer. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released versionin order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2015-2336 Exploits/Local Windows
05.28.2009 AIX Setlocale Function Local Privilege Escalation Exploit The AIX Setlocale Function is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer. CVE-2006-4254 Exploits/Local AIX
11.03.2013 Microsoft Windows Win32k NULL Page Vulnerability Exploit (MS13-081) Update This module exploits a vulnerability in "win32k.sys" by calling to the "TrackPopupMenuEx" function. This update adds support to Windows 7 64 bits and Windows 2008 R2. CVE-2013-3881 Exploits/Local Windows
01.27.2011 Trend Micro TMTDI.SYS Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the tmtdi.sys driver of Trend Micro Titanium Maximum Security and OfficeScan products. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This update adds support for the Trend Micro OfficeScan product, as well as support for Windows Server 2003 and Windows Server 2008 platforms. NOCVE-9999-45910 Exploits/Local Windows
12.25.2006 Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local

Pages