CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.01.2013 CSRSS facename exploit Update 2 This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0551 Exploits/Local Windows
11.15.2010 Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges. CVE-2008-2830 Exploits/Local Mac OS X
07.22.2010 Sudoedit Privilege Escalation Exploit Update This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root. This update adds OSX 10.6 (Snow Leopard) as supported target. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
06.27.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit Update 2 This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003, Windows 2008 and Windows Vista CVE-2013-3660 Exploits/Local Windows
11.24.2009 Linux Ptrace-exec Race Condition Exploit Update This update fixes a documentation issue regarding supported platforms. CVE-2001-1384 Exploits/Local Linux
08.06.2009 FreeBSD mount Local Privilege Escalation Exploit FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. CVE-2008-3531 Exploits/Local FreeBSD
05.19.2009 IBM Director CIM Server Privilege Escalation Exploit IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. CVE-2009-0880 Exploits/Local Windows
03.20.2011 Microsoft .NET Runtime Optimization Service Privilege Escalation Exploit The .NET Runtime Optimization Service, part of the .NET Framework, is prone to a privilege escalation vulnerability, which can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. NOCVE-9999-47471 Exploits/Local Windows
03.05.2013 Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
08.17.2010 PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. CVE-2010-0832 Exploits/Local Linux
08.01.2006 Linux vixie-cron exploit do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf CVE-2006-2607 Exploits/Local Linux
09.01.2010 Microsoft Windows Tracing Registry Key ACL Privilege Escalation Exploit (MS10-059) An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability allows local attackers running code under an account with impersonation rights, like NETWORK SERVICE, to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2554 Exploits/Local Windows
10.08.2009 Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket CVE-2009-2692 Exploits/Local Linux
06.21.2010 Mac OS X CUPS lppasswd Local Privilege Escalation Exploit This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. CVE-2010-0393 Exploits/Local Mac OS X
08.29.2007 WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-3681 Exploits/Local Windows
08.23.2011 Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand Exploit (MS11-056) This module exploits a vulnerability on Microsoft Windows "CSRSS.EXE" process setting the command history number in a value greater than 0x7fff. CVE-2011-1283 Exploits/Local Windows
10.28.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit Update The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. This update improves the module reliability. CVE-2010-3847 Exploits/Local Linux
07.01.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) This module exploits a vulnerability in win32k.sys when a "window" is created. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0485 Exploits/Local Windows
05.08.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 2 This update adds support to Microsoft Windows 2008. This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
07.30.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. CVE-2014-1767 Exploits/Local Windows
10.27.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-1249 Exploits/Local Windows
01.04.2011 win32api update Update for win32api module which adds 2 new wrappers. Exploits/Local
08.29.2007 Symantec SYMTDI.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in Symantec products when the 0x83022323 function is invoked with a specially crafted parameter. The IOCTL 0x83022323 handler in the SYMTDI.SYS device driver in Symantec products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2007-3673 Exploits/Local Windows
10.04.2009 VMware Fusion Privilege Escalation Exploit This module exploits a privilege escalation vulnerability on VMware Fusion. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3281 Exploits/Local Mac OS X
08.24.2011 Linux Kernel set_fs Privilege Escalation Exploit This module exploits a local vulnerability in the set_fs function in the Linux kernel prior to 2.6.37. CVE-2010-4258 Exploits/Local Linux
02.22.2010 Sudoedit Privilege Escalation Exploit Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
04.23.2013 PHP Parsing Variant Buffer Overflow Exploit A Buffer overflow against the com_print_typeinfo function in PHP running on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types. CVE-2012-2376 Exploits/Tools Windows
09.28.2005 Sun Solaris Printd Arbitrary File Deletion Exploit Sun Solaris printd is affected by an arbitrary file deletion vulnerability. This module exploits this vulnerability. CVE-2005-4797 Exploits/Tools Solaris
11.18.2009 NetBIOS Cache Corruption Update Corrupts the NetBIOS Cache to allow redirection of NetBIOS and DNS names to an arbitrary IP Address. This update fixes a problem when closing the local udp port used by the module, in cases where the execution was stopped manually. CVE-2000-1079 Exploits/Tools Windows
08.15.2013 UPnP Vulnerability Checker This module checks for vulnerabilities in UPnP-enabled systems. It sends a SSDP "M-SEARCH" packet to the multicast group (239.255.255.250) and checks for known banners corresponding to vulnerable UPnP SDK versions. CVE-2012-5958 Exploits/Tools

Pages