Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
09.09.2007 SIDVault LDAP Server Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the LDAP service (sidvault.exe) of the SIDVault LDAP application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 389/TCP of the vulnerable system and installs an agent if successful. CVE-2007-4566 Exploits/Remote Windows
09.04.2007 Sun Java Web Start JNLP Stack Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the javaws.exe program and deploys an agent when successful. The exploit triggers a vulnerability in the Java Runtime Environment allowing an attacker to execute arbitrary code on the remote machine. CVE-2007-3655 Exploits/Remote Windows
09.02.2007 RealPlayer SMIL wallclock Buffer Overflow Exploit This module exploits a vulnerability caused due to a boundary error in the wallclock functionality in SmilTimeValue::parseWallClockValue() when handling time formats. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-3410 Exploits/Client Side Windows
08.29.2007 WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-3681 Exploits/Local Windows
08.29.2007 Symantec SYMTDI.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in Symantec products when the 0x83022323 function is invoked with a specially crafted parameter. The IOCTL 0x83022323 handler in the SYMTDI.SYS device driver in Symantec products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2007-3673 Exploits/Local Windows
08.28.2007 VLC Media Player Format String exploit This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC 0.86, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
08.27.2007 Ipswitch IMail Search On Exploit This module exploits a stack-based buffer overflow in the IMAP server in IMail 2006.1 in Ipswitch Collaboration Suite (ICS). CVE-2007-2795 Exploits/Remote Windows
08.27.2007 RSH Daemon for Windows Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the Windows RSH application (rshd.exe). The module sends a specially crafted packet to port 514/tcp and installs an agent if successful. CVE-2007-4005 Exploits/Remote Windows
08.07.2007 Microsoft Internet Explorer Multiple Browser URI Handler Command Injection Exploit This module exploits an argument injection vulnerability in Mozilla Firefox, when running on systems with Microsoft Internet Explorer 7 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a FirefoxURL or FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. CVE-2007-3670 Exploits/Client Side Windows
08.06.2007 Microsoft Visio 2002 MS07-030 exploit This module exploits a pointer overwrite vulnerability in Microsoft Visio 2002 to install an agent. CVE-2007-0936 Exploits/Client Side Windows
08.01.2007 Borland InterBase Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase application. The exploit triggers a stack-based buffer overflow by sending a specially crafted "create" request to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2007-3566 Exploits/Remote Windows
07.31.2007 IncrediMail ActiveX Exploit Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2007-1683 Exploits/Client Side Windows
07.25.2007 Microsoft Publisher MS07-037 exploit PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". CVE-2007-1754 Exploits/Client Side Windows
07.23.2007 Versalsoft HTTP File Uploader Buffer Overflow Exploit This module exploits a vulnerability in the UFileUploaderD.dll control included in the HTTP File Upload ActiveX Control. The exploit is triggered when the AddFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2563 Exploits/Client Side Windows
07.17.2007 SAP DB WebTools Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the waHTTP.exe (SAP DB Web Server) component included with the SAP DB. The exploit is triggered by sending an unauthenticated, specially crafted HTTP request to the default port 9999/TCP. CVE-2007-3614 Exploits/Remote Windows
07.16.2007 Zenturi ProgramChecker ActiveX Exploit This module exploits a vulnerability in the sasatl.dll control included in the Zenturi ProgramChecker ActiveX application. The exploit is triggered when the DebugMsgLog() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2987 Exploits/Client Side Windows
07.16.2007 EnjoySAP ActiveX Exploit This module exploits a vulnerability in the kwedit.dll control included in the EnjoySAP application. The exploit is triggered when the PrepareToPostHTML() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-3605 Exploits/Client Side Windows
07.16.2007 NeoTrace ActiveX Exploit This module exploits a vulnerability in the NeoTraceExplorer ActiveX Control (NeoTraceExplorer.dll). The exploit is triggered when a long string argument is processed by the TraceTarget() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2006-6707 Exploits/Client Side Windows
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
07.12.2007 Asterisk T.38 buffer overflow exploit This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. After successful exploitation a agent will be installed. The process being exploited is usually run as root. CVE-2007-2293 Exploits/Remote Linux
07.02.2007 TrueCrypt Privilege Escalation Exploit This module exploits a vulnerability in TrueCrypt 4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. This exploit mounts a temporary, especially crafted TrueCrypt volume in the /lib/tls directory and executes a setuid application to bypass security controls and execute an agent as root. CVE-2007-1738 Exploits/Local Linux
07.01.2007 Symantec Discovery XFERWAN Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the XferWan.exe component included with Symantec Discovery 6.5. The exploit sends a specially crafted TCP packet triggering a buffer overflow and installing an agent on the target system. CVE-2007-1173 Exploits/Remote Windows
06.28.2007 Sun Java Web SOCKS Proxy Authentication Exploit This module exploits a stack-based buffer overflow vulnerability in the SOCKS proxy included in the Sun Java Web Proxy Server. The exploit sends specially crafted packets during the SOCKS connection negotiation and installs an agent if successful. CVE-2007-2881 Exploits/Remote Linux
06.27.2007 Apple QuickTime Java toQTPointer() code execution exploit update This module exploits a memory corruption vulnerability in the Java QuickTime for Java (QtJava.dll) browser plug-in. The module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user(s) to connect to it with a Java-enabled browser using the vulnerable plug-in. When a user connects to the site they trigger the exploit and the module attempts to install an agent on their computer. This update adds support for Safari browser in Mac OS X (i386) and adds Opera support in Windows. CVE-2007-2175 Exploits/Client Side Windows
06.21.2007 MSRPC Samba Command Injection exploit update This update adds support for Debian, Ubuntu, and Mac OS-X 10.4. This module exploits a command injection vulnerability in the function _AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
06.20.2007 McAfee Subscription Manager ActiveX Exploit This module exploits a buffer overflow vulnerability in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled () method processes an overly long string argument allowing remote attackers to execute arbitrary code. This client-side exploit is dependent on a user visiting a malicious web-site hosted by CORE IMPACT to distribute the exploit and install an agent. CVE-2007-2584 Exploits/Client Side Windows
06.19.2007 ActSoft DVD Tools Buffer Overflow Exploit This module exploits a vulnerability in the dvdtools.ocx control included in the ActSoft DVD Tools ActiveX application. The exploit is triggered when the OpenDVD() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0976 Exploits/Client Side Windows
06.18.2007 NCTAudioFile2 ActiveX Buffer Overflow Exploit This module exploits a vulnerability in the NCTAudioFile2.AudioFile ActiveX Control (NCTAudioFile2.dll) used by various multimedia applications. The exploit is triggered when a long string argument is processed by the SetFormatLikeSample() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0018 Exploits/Client Side Windows
06.18.2007 MSRPC Trend Micro Server Protect buffer overflow exploit TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-2508 Exploits/Remote Windows
06.14.2007 Yahoo Messenger Webcam ActiveX Exploit Update This update adds support for Windows Vista. This module exploits a vulnerability in the Yahoo Messenger Webcam 8.1 ActiveX Control (ywcvwr.dll). When the Receive() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. This exploit is triggered when an unsuspecting user is lured into visiting a malicious web-site hosted by CORE IMPACT. CVE-2007-3148 Exploits/Client Side Windows

Pages