Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
08.21.2006 Ubuntu 5.10 Password Recovery Escalation Exploit The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges CVE-2006-1183 Exploits/Local Linux
08.23.2011 Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand Exploit (MS11-056) This module exploits a vulnerability on Microsoft Windows "CSRSS.EXE" process setting the command history number in a value greater than 0x7fff. CVE-2011-1283 Exploits/Local Windows
09.03.2008 VMware VMCI Arbitrary Code Execution Vulnerability Exploit Using the VMWare VMCI Arbitrary Code Execution vulnerability it is possible run code in the host machine. This module sends a malformed message through hardware port to host exploiting the vmware-vmx.exe process and installing an agent. CVE-2008-2099 Exploits/Local Windows
08.29.2007 WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-3681 Exploits/Local Windows
06.16.2009 AIX Pioout Local Buffer Overflow Privilege Escalation Exploit AIX Pioout is prone to a vulnerability that allows attackers to execute arbitrary code with superuser privileges. This is due to insecure permissions shared libraries. CVE-2007-5764 Exploits/Local AIX
10.25.2010 Linux Kernel RDS Protocol Privilege Escalation Exploit The Linux kernel is prone to a privilege escalation vulnerability that can be exploited by local unprivileged users to gain root access, because the RDS protocol does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg() style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root. CVE-2010-3904 Exploits/Local Linux
01.28.2010 Symantec Veritas VRTSweb Privilege Escalation Exploit Update This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port, allowing local users to gain elevated privileges. This update adds support for Windows 2008. CVE-2009-3027 Exploits/Local Windows
07.30.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. CVE-2014-1767 Exploits/Local Windows
11.15.2010 Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges. CVE-2008-2830 Exploits/Local Mac OS X
08.22.2006 CSRSS facename exploit update This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update improve the exploit reliability in windows 2003. CVE-2005-0551 Exploits/Local Windows
10.15.2012 Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local Windows
07.04.2012 FreeBSD Sysret Instruction Privilege Escalation Exploit On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local FreeBSD
10.17.2011 Microsoft WINS Input Validation Exploit (MS11-070) Update This module adds support to Microsoft Windows 2008. This module exploits a vulnerability on Microsoft WINS service sending crafted UDP packets to the WINS-RPC local port. CVE-2011-1984 Exploits/Local Windows
10.19.2006 Mac OS X Mach Exception Handling exploit An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. Exploits/Local OpenBSD, Solaris, Linux, Mac OS X
08.24.2011 Linux Kernel set_fs Privilege Escalation Exploit This module exploits a local vulnerability in the set_fs function in the Linux kernel prior to 2.6.37. CVE-2010-4258 Exploits/Local Linux
01.29.2009 ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-5724 Exploits/Local Windows
10.14.2014 Linux Kernel n_tty_write Privilege Escalation Exploit Update This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. This update adds support for Ubuntu 14.04. CVE-2014-0196 Exploits/Local Linux
08.29.2007 Symantec SYMTDI.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in Symantec products when the 0x83022323 function is invoked with a specially crafted parameter. The IOCTL 0x83022323 handler in the SYMTDI.SYS device driver in Symantec products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2007-3673 Exploits/Local Windows
03.28.2010 Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit Update The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. This update adds the 'one-shot' tag to the XML of the module. CVE-2009-2692 Exploits/Local Linux
01.04.2012 Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) Update This update adds support to Microsoft Windows Vista and Microsoft Windows 2008. When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability by filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
06.18.2009 Microsoft Windows Print Spooler Load Library Vulnerability Exploit (MS09-022) This module takes advantage of an insufficient library path check in spoolsv.exe service loading a dll with system user privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-0230 Exploits/Local Windows
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
10.28.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit Update The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. This update improves the module reliability. CVE-2010-3847 Exploits/Local Linux
03.30.2009 Anti Keylogger Elite Privilege Escalation Exploit This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2008-5049 Exploits/Local Windows
10.23.2012 Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. CVE-2012-3524 Exploits/Local Linux
09.03.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This module adds support to Microsoft Windows 2003, Windows Vista, Windows 2008 and Windows 8.1 CVE-2014-1767 Exploits/Local Windows
08.18.2009 Microsoft IIS MS08-006 Exploit update 3 This module exploits a stack buffer overflow vulnerability present in Microsoft Internet Information Server versions 5.1 through 6.0. This update makes the name of the file used random to improve reliability, as well as avoid a system error when the file is used. It also adds the possibility of deploying multiple agents. CVE-2008-0075 Exploits/Local Windows
05.20.2009 FreeBSD Telnetd Privilege Escalation Exploit Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. CVE-2009-0641 Exploits/Local FreeBSD
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
06.03.2009 FreeBSD ktimer Local Privilege Escalation Exploit FreeBSD is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied data. An attacker can exploit this vulnerability to run arbitrary code with elevated privileges. CVE-2009-1041 Exploits/Local FreeBSD

Pages