Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.18.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This is only a documentation update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit". CVE-2013-3660 Exploits/Local Windows
01.29.2009 ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-5724 Exploits/Local Windows
07.13.2014 Linux Kernel n_tty_write Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. CVE-2014-0196 Exploits/Local Linux
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
06.18.2009 Microsoft Windows Print Spooler Load Library Vulnerability Exploit (MS09-022) This module takes advantage of an insufficient library path check in spoolsv.exe service loading a dll with system user privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-0230 Exploits/Local Windows
11.25.2010 Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-4398 Exploits/Local Windows
08.19.2010 Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
10.01.2013 CSRSS facename exploit Update 2 This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0551 Exploits/Local Windows
03.30.2009 Anti Keylogger Elite Privilege Escalation Exploit This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2008-5049 Exploits/Local Windows
11.04.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. CVE-2014-4113 Exploits/Local Windows
05.20.2014 Microsoft Windows Kernel NDProxy Vulnerability Exploit (MS14-002) This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module. Besides, this module adds support to Windows 2003 SP2 64 bits edition. CVE-2013-5065 Exploits/Local Windows
10.27.2011 Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-2005 Exploits/Local Windows
12.27.2005 SuSE Linux chfn exploit This module exploits a vulnerability in SuSE chfn command and escalates privileges to root. CVE-2005-3503 Exploits/Local Linux
08.18.2009 Microsoft IIS MS08-006 Exploit update 3 This module exploits a stack buffer overflow vulnerability present in Microsoft Internet Information Server versions 5.1 through 6.0. This update makes the name of the file used random to improve reliability, as well as avoid a system error when the file is used. It also adds the possibility of deploying multiple agents. CVE-2008-0075 Exploits/Local Windows
12.03.2013 Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055) An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-4015 Exploits/Local Windows
05.20.2009 FreeBSD Telnetd Privilege Escalation Exploit Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. CVE-2009-0641 Exploits/Local FreeBSD
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
10.22.2007 Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit Update This module exploits a vulnerability in Windows XP and Windows 2003 when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update corrects the CVE number and adds Windows 2003 as Supported System. CVE-2007-5587 Exploits/Local Windows
07.14.2014 FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. CVE-2013-6462 Exploits/Local FreeBSD
10.10.2011 Norman Security Suite Nprosec.sys Privilege Escalation Exploit Norman Security Suite is affected by a privilege escalation vulnerability that can be exploited by local, unprivileged users to gain SYSTEM privileges. The vulnerability occurs in the Nprosec.sys driver when handling IOCTL 0x00220210. NOCVE-9999-49673 Exploits/Local Windows
11.07.2007 Xen Pygrub Command Injection exploit This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
05.30.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 6 This update adds support to Microsoft Windows 2003 64 bits edition ( DoS ), Microsoft Windows Vista 64 bits edition ( DoS ), Microsoft Windows 2008 64 bits edition ( DoS ) and Microsoft Windows Seven 64 bits edition ( DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
11.25.2010 Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
10.30.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) Update The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-1249 Exploits/Local Windows
02.21.2007 Windows Image Acquisition CmdLine exploit The Window Image Acquisition (WIA) Service in Microsoft Windows XP allows local users to gain privileges via a stack overflow when processing the bsCmdLine parameter of the IWiaDevMgr::RegisterEventCallbackProgram function. CVE-2007-0210 Exploits/Local Windows
06.27.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit Update 2 This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003, Windows 2008 and Windows Vista CVE-2013-3660 Exploits/Local Windows
12.28.2008 Mac OS X smcFanControl Local Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. CVE-2008-6252 Exploits/Local Mac OS X
12.04.2014 Microsoft Windows Administrator UAC Elevation Bypass Update This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group. NOCVE-9999-64489 Exploits/Local Windows
06.10.2014 Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. CVE-2014-1807 Exploits/Local Windows
05.21.2009 ElbyCDIO IO Driver Privilege Escalation Exploit This module exploits a vulnerability in ElbyCDIO.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-0824 Exploits/Local Windows

Pages