Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.24.2009 Linux Ptrace-exec Race Condition Exploit Update This update fixes a documentation issue regarding supported platforms. CVE-2001-1384 Exploits/Local Linux
06.25.2013 Linux Kernel perf_swevent_init Privilege Escalation Exploit This module exploits a vulnerability in the Linux kernel. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. CVE-2013-2094 Exploits/Local Linux
07.01.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) This module exploits a vulnerability in win32k.sys when a "window" is created. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0485 Exploits/Local Windows
07.12.2010 inetd.conf Privilege Escalation Exploit Update The vulnerabilities consist in net services which are run as root but the owner of server files is not root or the group of the file is not root and has write permissions. These vulnerabilities were found in many Operating System versions. This update fixes a bug when passing parameters to a helper module. NOCVE-9999-39834 Exploits/Local Solaris
05.30.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 6 This update adds support to Microsoft Windows 2003 64 bits edition ( DoS ), Microsoft Windows Vista 64 bits edition ( DoS ), Microsoft Windows 2008 64 bits edition ( DoS ) and Microsoft Windows Seven 64 bits edition ( DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
10.08.2009 Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket CVE-2009-2692 Exploits/Local Linux
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
02.18.2014 Linux Kernel CONFIG_X86_X32 Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in the Linux Kernel. The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace and allows a local attacker to escalate privileges. CVE-2014-0038 Exploits/Local Linux
08.17.2010 PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. CVE-2010-0832 Exploits/Local Linux
10.30.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) Update The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-1249 Exploits/Local Windows
09.01.2010 Microsoft Windows Tracing Registry Key ACL Privilege Escalation Exploit (MS10-059) An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability allows local attackers running code under an account with impersonation rights, like NETWORK SERVICE, to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2554 Exploits/Local Windows
06.21.2010 Mac OS X CUPS lppasswd Local Privilege Escalation Exploit This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. CVE-2010-0393 Exploits/Local Mac OS X
05.15.2008 Microsoft NtUserMessageCall Kernel Privilege Escalation Exploit (MS08-025) An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges. CVE-2008-1084 Exploits/Local Windows
09.03.2012 Symantec LiveUpdate Administrator Local Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Symantec LiveUpdate Administrator. CVE-2012-0304 Exploits/Local Windows
12.02.2013 Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. CVE-2013-5065 Exploits/Local Windows
12.25.2006 ProFTPD Controls Buffer Overflow Exploit update The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
07.18.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This is only a documentation update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit". CVE-2013-3660 Exploits/Local Windows
10.17.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-047) Update This update adds support to Impact 12.5 This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-1890 Exploits/Local Windows
07.13.2014 Linux Kernel n_tty_write Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. CVE-2014-0196 Exploits/Local Linux
10.22.2007 Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit Update This module exploits a vulnerability in Windows XP and Windows 2003 when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update corrects the CVE number and adds Windows 2003 as Supported System. CVE-2007-5587 Exploits/Local Windows
04.05.2009 FreeBSD Kernel Protosw Privilege Escalation Exploit The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail. CVE-2008-5736 Exploits/Local FreeBSD
11.07.2007 Xen Pygrub Command Injection exploit This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
01.27.2011 FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation Exploit The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. This data corruption can be exploited by an local attacker to escalate their privilege by carefully controlling the corruption of system files. It should be noted that the attacker can corrupt any file they have read access to. CVE-2010-2693 Exploits/Local FreeBSD
02.22.2010 Sudoedit Privilege Escalation Exploit Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
11.04.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. CVE-2014-4113 Exploits/Local Windows
05.20.2014 Microsoft Windows Kernel NDProxy Vulnerability Exploit (MS14-002) This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module. Besides, this module adds support to Windows 2003 SP2 64 bits edition. CVE-2013-5065 Exploits/Local Windows
05.07.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
12.03.2013 Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055) An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-4015 Exploits/Local Windows
07.14.2014 FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. CVE-2013-6462 Exploits/Local FreeBSD
10.23.2007 Linux X.org composite exploit This module exploits a buffer overflow condition on local X.org servers with the composite extension activated. CVE-2007-4730 Exploits/Local Linux

Pages