Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.09.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for x86-64 platforms. CVE-2014-4113 Exploits/Local Windows
05.20.2009 FreeBSD Telnetd Privilege Escalation Exploit Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. CVE-2009-0641 Exploits/Local FreeBSD
03.20.2011 Microsoft .NET Runtime Optimization Service Privilege Escalation Exploit The .NET Runtime Optimization Service, part of the .NET Framework, is prone to a privilege escalation vulnerability, which can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. NOCVE-9999-47471 Exploits/Local Windows
01.19.2012 Microsoft Windows TrueType Font Parsing Vulnerability Local Exploit (MS11-087) This module exploits a Windows kernel heap overflow vulnerability when a crafted TTF file is processed by Windows kernel. CVE-2011-3402 Exploits/Local Windows
06.03.2009 FreeBSD ktimer Local Privilege Escalation Exploit FreeBSD is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied data. An attacker can exploit this vulnerability to run arbitrary code with elevated privileges. CVE-2009-1041 Exploits/Local FreeBSD
03.20.2007 Windows Shell Hardware Detection exploit This module exploits a vulnerability in the 'detection and registration of new hardware' function of the Windows Shell; the vulnerability is exposed by a parameter that is not properly validated. The exploit allows a local user to escalate their privileges on a compromised Windows XP or Windows 2003 system. CVE-2007-0211 Exploits/Local Windows
05.08.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 2 This update adds support to Microsoft Windows 2008. This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
02.03.2015 Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070) The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver. CVE-2014-4076 Exploits/Local Windows
10.28.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit Update The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. This update improves the module reliability. CVE-2010-3847 Exploits/Local Linux
10.17.2011 Microsoft WINS Input Validation Exploit (MS11-070) Update This module adds support to Microsoft Windows 2008. This module exploits a vulnerability on Microsoft WINS service sending crafted UDP packets to the WINS-RPC local port. CVE-2011-1984 Exploits/Local Windows
02.22.2010 Sudoedit Privilege Escalation Exploit Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
08.24.2011 Linux Kernel set_fs Privilege Escalation Exploit This module exploits a local vulnerability in the set_fs function in the Linux kernel prior to 2.6.37. CVE-2010-4258 Exploits/Local Linux
06.27.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit Update 2 This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003, Windows 2008 and Windows Vista CVE-2013-3660 Exploits/Local Windows
06.10.2014 Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. CVE-2014-1807 Exploits/Local Windows
03.05.2013 Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
06.11.2015 QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. CVE-2015-3456 Exploits/Local Linux
10.31.2006 Netscape Portable Runtime Environment log file overwrite exploit This module exploits a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, and allows attackers to create or overwrite arbitrary files on the system. CVE-2006-4842 Exploits/Local Solaris
07.16.2014 Microsoft Windows Administrator UAC Elevation Bypass This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group. NOCVE-9999-64489 Exploits/Local Windows
11.11.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update 2 This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms. CVE-2014-4113 Exploits/Local Windows
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
07.31.2005 Solaris LD_AUDIT exploit This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. CVE-2005-2072 Exploits/Local Solaris
05.21.2009 ElbyCDIO IO Driver Privilege Escalation Exploit This module exploits a vulnerability in ElbyCDIO.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-0824 Exploits/Local Windows
12.25.2006 Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local
03.28.2007 IIS ASP Server-Side Include exploit update This update improves the reliability of the 'ISS ASP Server-Side Include exploit'. The module exploits a buffer overflow vulnerability in the SSINC.DLL file used by Microsoft IIS 5.0. The exploit is triggered by including long enough filenames in any ASP file. CVE-2002-0149 Exploits/Local Windows
10.13.2008 ZoneAlarm VSDATANT IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in ZoneAlarm products when the 0x8400000F function is invoked with a specially crafted parameter. The IOCTL 0x8400000F handler in the VSDATANT.SYS device driver in ZoneAlarm products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain escalated privileges. CVE-2007-4216 Exploits/Local Windows
09.24.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 2 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update adds support to Impact 2014 R2. CVE-2014-1767 Exploits/Local Windows
01.04.2011 win32api update Update for win32api module which adds 2 new wrappers. Exploits/Local
06.15.2006 Xorg Privilege Escalation Exploit X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. CVE-2006-0745 Exploits/Local
08.19.2010 Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
10.22.2007 Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit Update This module exploits a vulnerability in Windows XP and Windows 2003 when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update corrects the CVE number and adds Windows 2003 as Supported System. CVE-2007-5587 Exploits/Local Windows

Pages