Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
01.25.2011 VideoCharge Studio VSC File Buffer Overflow Exploit Video Charge Studio is prone to a buffer overflow vulnerability when parsing a malicious VSC files with a long Filename value field. NOCVE-9999-46284 Exploits/Client Side Windows
01.02.2008 VideoLAN VLC buffer overflow subtitle exploit VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Exploits/Client Side Windows
01.03.2008 VideoLAN VLC buffer overflow subtitle exploit update VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Added support for Windows Vista, 2003 and 2000. Exploits/Client Side Windows
01.30.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 2 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder.The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This update adds support for Opera and Mozilla Firefox. CVE-2007-6681 Exploits/Client Side Windows
05.15.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 3 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This exploit add support for VLC 0.86e version. CVE-2007-6681 Exploits/Client Side Windows
01.27.2011 VideoSpirit Pro Buffer Overflow Exploit VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. CVE-2011-0499 Exploits/Client Side Windows
06.20.2012 VideoSpirit Pro Buffer Overflow Exploit Update VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This update adds the CVE number. CVE-2011-0499 Exploits/Client Side Windows
09.09.2009 VirtualMin Dom Parameter Cross Site Scripting Exploit Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-39439 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.15.2010 Viscom Software Movie Player Pro SDK ActiveX Remote Buffer Overflow Exploit A stack-based buffer overflow occurs when you pass to "strFontName" parameter a string overly long than 24 bytes which leads into EIP overwrite allowing the execution of arbitrary code in the context of the logged on user. This happens because an inadequate space is stored into the buffer intended to receive the font name. CVE-2010-0356 Exploits/Client Side Windows
05.26.2011 VisiWave Site Survey Report File Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. CVE-2011-2386 Exploits/Client Side Windows
11.18.2012 VisiWave Site Survey Report File Processing Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. This update adds CVE information. CVE-2011-2386 Exploits/Client Side Windows
11.25.2007 Visual Studio PDWizard.ocx Code Execution Exploit This module exploits a vulnerability in the PDWizard.ocx of the Visual Studio application. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2007-4891 Exploits/Client Side Windows
08.12.2013 VLC Media Player ABC File Parsing Exploit The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow in the libmodplug library used by VLC Media Player. NOCVE-9999-59318 Exploits/Client Side Windows
03.22.2011 VLC Media Player AMV File Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .AMV files. CVE-2010-3275 Exploits/Client Side Windows
08.28.2007 VLC Media Player Format String exploit This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC 0.86, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
12.16.2007 VLC Media Player Format String exploit linux support update This module tries to attack VLC Media Player by sending a crafted OGG file that triggers a format string and overwrites a subroutine pointer during rendering. This update adds support for linux. CVE-2007-3316 Exploits/Client Side Windows, Linux
10.04.2007 VLC Media Player Format String exploit update This update adds support for Mac OS X, Windows 2000 and Windows 2003 platforms and support for 0.86 and 0.86a versions of VLC. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
04.25.2011 VLC Media Player libmodplug Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. CVE-2011-1574 Exploits/Client Side Windows
06.21.2012 VLC Media Player libmodplug Buffer Overflow Exploit Update VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. This version adds the CVE number. CVE-2011-1574 Exploits/Client Side Windows
06.01.2011 VLC Media Player MKV File Memory Corruption Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file. CVE-2011-0531 Exploits/Client Side Windows, Mac OS X
11.05.2009 VLC Media Player MP4 Demuxer Buffer Overflow Exploit VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities. When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users. VLC media player 1.0.1 is vulnerable; prior versions may also be affected. NOCVE-9999-40279 Exploits/Client Side Windows
03.22.2011 VLC Media Player NSV Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .NSV (Nullsoft streaming video file) files when opening in Internet Explorer 6 or 7. CVE-2010-3276 Exploits/Client Side Windows
02.22.2009 VLC Media Player RealText Processing Stack Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
08.02.2009 VLC Media Player RealText Processing Stack Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
07.01.2014 VLC Media Player RTSP Processing Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow when handling a specially crafted RTSP packets within the LIVE555 Plugin (liblive555_plugin.dll). CVE-2013-6934 Exploits/Client Side Windows
07.21.2009 VLC Media Player SMB URI Handling Buffer Overflow Exploit VLC Media Player is prone to a stack-based buffer-overflow vulnerability when handling playlist files having an overly long SMB URI. CVE-2009-2484 Exploits/Client Side Windows
11.05.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. CVE-2008-4654 Exploits/Client Side Windows
11.09.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This update improves exploit reliability. CVE-2008-4654 Exploits/Client Side Windows
09.07.2010 VLC Media Player wintab32 DLL Hijacking Exploit VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder than .MP3 file. NOCVE-9999-44964 Exploits/Client Side Windows
01.09.2011 VLC Media Player wintab32 DLL Hijacking Exploit Update VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder as a .MP3 file. This update adds CVE number and makes exploit compatible with the last WebDav version. NOCVE-9999-44964 Exploits/Client Side Windows

Pages