CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
02.10.2008 Linux Kernel Vmsplice() Privilege Escalation Exploit Exploits a missing verification of parameters within the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted vmsplice() system call, and allows an unprivileged process to elevate privileges to root. CVE-2008-0600 Exploits/Local Linux
09.24.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 2 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update adds support to Impact 2014 R2. CVE-2014-1767 Exploits/Local Windows
01.28.2010 Symantec Veritas VRTSweb Privilege Escalation Exploit Update This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port, allowing local users to gain elevated privileges. This update adds support for Windows 2008. CVE-2009-3027 Exploits/Local Windows
01.29.2009 ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-5724 Exploits/Local Windows
11.15.2010 Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges. CVE-2008-2830 Exploits/Local Mac OS X
08.18.2009 Microsoft IIS MS08-006 Exploit update 3 This module exploits a stack buffer overflow vulnerability present in Microsoft Internet Information Server versions 5.1 through 6.0. This update makes the name of the file used random to improve reliability, as well as avoid a system error when the file is used. It also adds the possibility of deploying multiple agents. CVE-2008-0075 Exploits/Local Windows
05.20.2009 FreeBSD Telnetd Privilege Escalation Exploit Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. CVE-2009-0641 Exploits/Local FreeBSD
03.28.2010 Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit Update The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. This update adds the 'one-shot' tag to the XML of the module. CVE-2009-2692 Exploits/Local Linux
06.18.2009 Microsoft Windows Print Spooler Load Library Vulnerability Exploit (MS09-022) This module takes advantage of an insufficient library path check in spoolsv.exe service loading a dll with system user privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-0230 Exploits/Local Windows
08.21.2014 Microsoft Internet Explorer IESetProtectedModeRegKeyOnly Protected Mode Escape Exploit (MS13-097) The IESetProtectedModeRegKeyOnly() function in the ieframe.dll library of Microsoft Internet Explorer calls the RegCreateKeyEx registry function when running with Medium Integrity Level over a registry key that is writable by a sandboxed IE instance. This can be abused to overwrite IE's Elevation Policy by creating symbolic links in the Windows Registry in order to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-5045 Exploits/Local Windows
10.28.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit Update The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. This update improves the module reliability. CVE-2010-3847 Exploits/Local Linux
09.30.2014 Linux Kernel x86_64 Ptrace Sysret Privilege Escalation Exploit On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed. A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities. This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system. CVE-2014-4699 Exploits/Local Linux
03.30.2009 Anti Keylogger Elite Privilege Escalation Exploit This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2008-5049 Exploits/Local Windows
05.10.2012 Linux Sing Log Injection Local Exploit SING is prone to a local privilege-escalation vulnerability, that allows an unprivileged process to elevate privileges to root. CVE-2007-6211 Exploits/Local Linux
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
06.11.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. CVE-2013-3660 Exploits/Local Windows
01.15.2013 FreeBSD Kernel linux_ifconf Local Privilege Escalation Exploit This module exploits a kernel memory corruption in the Linux compatibility layer. CVE-2012-4576 Exploits/Local FreeBSD
08.22.2012 Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
02.13.2013 Solaris LD_AUDIT Privilege Escalation Exploit Update This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. This module exploits the vulnerability and installs an agent with root privileges. This update resolves an issue where the module could erroneously install agents in non-vulnerable systems. CVE-2005-2072 Exploits/Local Solaris
05.21.2009 ElbyCDIO IO Driver Privilege Escalation Exploit This module exploits a vulnerability in ElbyCDIO.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-0824 Exploits/Local Windows
05.23.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
06.03.2009 FreeBSD ktimer Local Privilege Escalation Exploit FreeBSD is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied data. An attacker can exploit this vulnerability to run arbitrary code with elevated privileges. CVE-2009-1041 Exploits/Local FreeBSD
01.20.2014 VMware VMCI Privilege Escalation Exploit When the "vmci.sys" driver processes a crafted call from user an array index out of bound is exploited CVE-2013-1406 Exploits/Local Windows
08.13.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) Update This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits. CVE-2013-3660 Exploits/Local Windows
12.14.2006 ProFTPD Controls Buffer Overflow Exploit The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
12.28.2008 Mac OS X smcFanControl Local Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. CVE-2008-6252 Exploits/Local Mac OS X
01.04.2011 win32api update Update for win32api module which adds 2 new wrappers. Exploits/Local
05.21.2013 Microsoft Windows Win32k Buffer Overflow Exploit (MS13-046) This module exploits a vulnerability in Windows kernel calling to "DisplayConfigGetDeviceInfo" function with crafted parameters. CVE-2013-1333 Exploits/Local Windows
02.17.2008 Microsoft IIS MS08-006 exploit This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. WARNING: This is an early release module. CVE-2008-0075 Exploits/Local Windows
10.06.2013 Microsoft Windows Telephony Service exploit Update This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0058 Exploits/Local Windows

Pages