Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
06.15.2014 Linux sudo env_reset Privilege Escalation Exploit A logical error in sudo when the env_reset option is disabled allows local attackers to define environment variables that were supposed to be blacklisted by sudo. This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo. CVE-2014-0106 Exploits/Local Linux
09.20.2006 Linux suid_dumpable exploit The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. CVE-2006-2451 Exploits/Local Linux
05.07.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
06.03.2009 FreeBSD ktimer Local Privilege Escalation Exploit FreeBSD is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied data. An attacker can exploit this vulnerability to run arbitrary code with elevated privileges. CVE-2009-1041 Exploits/Local FreeBSD
10.19.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3847 Exploits/Local Linux
03.05.2013 Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
11.10.2010 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS10-073) Update This update adds support to Microsoft Windows 7. This module exploits a vulnerability on "win32k.sys" when a keyboard layout is loaded by the kernel. CVE-2010-2743 Exploits/Local Windows
08.21.2014 Microsoft Internet Explorer IESetProtectedModeRegKeyOnly Protected Mode Escape Exploit (MS13-097) The IESetProtectedModeRegKeyOnly() function in the ieframe.dll library of Microsoft Internet Explorer calls the RegCreateKeyEx registry function when running with Medium Integrity Level over a registry key that is writable by a sandboxed IE instance. This can be abused to overwrite IE's Elevation Policy by creating symbolic links in the Windows Registry in order to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-5045 Exploits/Local Windows
01.11.2007 Linux NVIDIA exploit The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. CVE-2006-5379 Exploits/Local
11.07.2011 Trend Micro InterScan Web Security Suite Privilege Escalation Exploit This module exploits a local vulnerability in Trend Micro IWSS to gain elevated privileges on the affected computer. NOCVE-9999-50131 Exploits/Local Solaris, Linux
11.09.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for x86-64 platforms. CVE-2014-4113 Exploits/Local Windows
05.08.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 2 This update adds support to Microsoft Windows 2008. This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
02.17.2008 Microsoft IIS MS08-006 exploit This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. WARNING: This is an early release module. CVE-2008-0075 Exploits/Local Windows
11.07.2011 Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit Update (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-2005 Exploits/Local Windows
07.12.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) Update This update improves the exploit reliability and adds support to Windows XP SP2. This module exploits a vulnerability in win32k.sys when a "window" is created. CVE-2010-0485 Exploits/Local Windows
06.27.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit Update 2 This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003, Windows 2008 and Windows Vista CVE-2013-3660 Exploits/Local Windows
12.21.2008 Microsoft Windows SMB Credential Reflection Exploit (MS08-068) This module implements the SMB Relay attack to install an agent in the target machine. CVE-2008-4037 Exploits/Local Windows
07.07.2009 Microsoft Windows Print Spooler Load Library Vulnerability Exploit (MS09-022) Update This Update adds support to Microsoft Windows XP and 2003. This module takes advantage of an insufficient library path check in spoolsv.exe service to load a dll from an arbitrary directory with System user privileges. CVE-2009-0230 Exploits/Local Windows
03.14.2012 Linux mem_write Local Privilege Escalation Due to insuficient checks when accessing the memory of a process vi /proc/PID/mem the linux kernel is prone to a privilige escalation. CVE-2012-0056 Exploits/Local Linux
05.18.2011 Mac OS X i386_set_ldt Vulnerability Local Privilege Escalation Exploit This module exploits a vulnerability on "i386_set_ldt" function of "mach_kernel" creating a "call gate" entry in the LDT. CVE-2011-0182 Exploits/Local Mac OS X
11.11.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update 2 This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms. CVE-2014-4113 Exploits/Local Windows
08.01.2006 Linux vixie-cron exploit do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf CVE-2006-2607 Exploits/Local Linux
03.21.2012 PAM Motd Privilege Escalation Exploit Update The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges. This update improves the reliability of the exploit. CVE-2010-0832 Exploits/Local Linux
02.24.2011 Anti Keylogger Elite Privilege Escalation Exploit Update 2 This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. This update improves the checks to verify whether the vulnerable application is installed or not. CVE-2008-5049 Exploits/Local Windows
05.14.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 3 This update adds support to Microsoft Windows XP with the MS12-034 patch installed. This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
06.15.2011 PolicyKit pkexec Race Condition Exploit This module exploits a local race-condition vulnerability in PolicyKit, which allows local users to execute arbitrary code with root privileges. CVE-2011-1485 Exploits/Local Linux
02.03.2015 Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070) The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver. CVE-2014-4076 Exploits/Local Windows
10.20.2010 FreeBSD pseudofs NULL Pointer Dereference Privilege Escalation Exploit Due to failure to handle exceptional conditions, a NULL pointer is dereferenced by the FreeBSD kernel allowing to overwrite arbitrary kernel memory. This module exploits the vulnerability to install an agent with root privileges. CVE-2010-4210 Exploits/Local FreeBSD
01.20.2014 VMware VMCI Privilege Escalation Exploit When the "vmci.sys" driver processes a crafted call from user an array index out of bound is exploited CVE-2013-1406 Exploits/Local Windows
10.03.2007 AIX Libodm ODMPATH exploit This module exploits a vulnerability in the processing of the ODMPATH environment variable within the odm_searchpath() function. This function reads the ODMPATH variable from the user provided environment, and then copies it into a fixed sized stack buffer without properly validating its length. This results in a stack-based buffer overflow, and allows the saved return address to be overwritten allowing the execution of arbitrary code with root privileges. CVE-2007-3680 Exploits/Local AIX

Pages