Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
07.23.2007 Versalsoft HTTP File Uploader Buffer Overflow Exploit This module exploits a vulnerability in the UFileUploaderD.dll control included in the HTTP File Upload ActiveX Control. The exploit is triggered when the AddFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2563 Exploits/Client Side Windows
07.17.2007 SAP DB WebTools Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the waHTTP.exe (SAP DB Web Server) component included with the SAP DB. The exploit is triggered by sending an unauthenticated, specially crafted HTTP request to the default port 9999/TCP. CVE-2007-3614 Exploits/Remote Windows
07.16.2007 Zenturi ProgramChecker ActiveX Exploit This module exploits a vulnerability in the sasatl.dll control included in the Zenturi ProgramChecker ActiveX application. The exploit is triggered when the DebugMsgLog() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2987 Exploits/Client Side Windows
07.16.2007 EnjoySAP ActiveX Exploit This module exploits a vulnerability in the kwedit.dll control included in the EnjoySAP application. The exploit is triggered when the PrepareToPostHTML() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-3605 Exploits/Client Side Windows
07.16.2007 NeoTrace ActiveX Exploit This module exploits a vulnerability in the NeoTraceExplorer ActiveX Control (NeoTraceExplorer.dll). The exploit is triggered when a long string argument is processed by the TraceTarget() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2006-6707 Exploits/Client Side Windows
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
07.12.2007 Asterisk T.38 buffer overflow exploit This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. After successful exploitation a agent will be installed. The process being exploited is usually run as root. CVE-2007-2293 Exploits/Remote Linux
07.02.2007 TrueCrypt Privilege Escalation Exploit This module exploits a vulnerability in TrueCrypt 4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. This exploit mounts a temporary, especially crafted TrueCrypt volume in the /lib/tls directory and executes a setuid application to bypass security controls and execute an agent as root. CVE-2007-1738 Exploits/Local Linux
07.01.2007 Symantec Discovery XFERWAN Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the XferWan.exe component included with Symantec Discovery 6.5. The exploit sends a specially crafted TCP packet triggering a buffer overflow and installing an agent on the target system. CVE-2007-1173 Exploits/Remote Windows
06.28.2007 Sun Java Web SOCKS Proxy Authentication Exploit This module exploits a stack-based buffer overflow vulnerability in the SOCKS proxy included in the Sun Java Web Proxy Server. The exploit sends specially crafted packets during the SOCKS connection negotiation and installs an agent if successful. CVE-2007-2881 Exploits/Remote Linux
06.27.2007 Apple QuickTime Java toQTPointer() code execution exploit update This module exploits a memory corruption vulnerability in the Java QuickTime for Java (QtJava.dll) browser plug-in. The module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user(s) to connect to it with a Java-enabled browser using the vulnerable plug-in. When a user connects to the site they trigger the exploit and the module attempts to install an agent on their computer. This update adds support for Safari browser in Mac OS X (i386) and adds Opera support in Windows. CVE-2007-2175 Exploits/Client Side Windows
06.21.2007 MSRPC Samba Command Injection exploit update This update adds support for Debian, Ubuntu, and Mac OS-X 10.4. This module exploits a command injection vulnerability in the function _AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
06.20.2007 McAfee Subscription Manager ActiveX Exploit This module exploits a buffer overflow vulnerability in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled () method processes an overly long string argument allowing remote attackers to execute arbitrary code. This client-side exploit is dependent on a user visiting a malicious web-site hosted by CORE IMPACT to distribute the exploit and install an agent. CVE-2007-2584 Exploits/Client Side Windows
06.19.2007 ActSoft DVD Tools Buffer Overflow Exploit This module exploits a vulnerability in the dvdtools.ocx control included in the ActSoft DVD Tools ActiveX application. The exploit is triggered when the OpenDVD() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0976 Exploits/Client Side Windows
06.18.2007 NCTAudioFile2 ActiveX Buffer Overflow Exploit This module exploits a vulnerability in the NCTAudioFile2.AudioFile ActiveX Control (NCTAudioFile2.dll) used by various multimedia applications. The exploit is triggered when a long string argument is processed by the SetFormatLikeSample() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0018 Exploits/Client Side Windows
06.18.2007 MSRPC Trend Micro Server Protect buffer overflow exploit TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-2508 Exploits/Remote Windows
06.14.2007 Yahoo Messenger Webcam ActiveX Exploit Update This update adds support for Windows Vista. This module exploits a vulnerability in the Yahoo Messenger Webcam 8.1 ActiveX Control (ywcvwr.dll). When the Receive() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. This exploit is triggered when an unsuspecting user is lured into visiting a malicious web-site hosted by CORE IMPACT. CVE-2007-3148 Exploits/Client Side Windows
06.14.2007 Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow Exploit This module exploits a buffer overflow in Norton Internet Security 2004, via a bug in ISLAert.dll, an ActiveX control installed by default. CVE-2007-1689 Exploits/Client Side Windows
06.13.2007 Samba lsa_io_trans_names buffer overflow exploit This module exploits a buffer overflow vulnerability when parsing RPC requests through the LSA RPC interface in Samba 3.x. The exploit is triggered by sending a specially crafted RPC LsarLookupSids request to a vulnerable computer. CVE-2007-2446 Exploits/Remote Solaris, Linux
06.13.2007 Microsoft Speech API ActiveX control Exploit This module exploits a vulnerability in XVoice.dll included in the Microsoft Text to Speech Control. The exploit is triggered when the FindEngine() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2222 Exploits/Client Side Windows
06.12.2007 Apache Tomcat buffer overflow exploit This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. CVE-2007-0774 Exploits/Remote Linux
06.12.2007 Apple QuickTime Java toQTPointer() code execution exploit This module exploits a memory corruption vulnerability in the Java QuickTime for Java (QtJava.dll) browser plug-in. The module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user(s) to connect to it with a Java-enabled browser using the vulnerable plug-in. When a user connects to the site they trigger the exploit and the module attempts to install an agent on their computer. CVE-2007-2175 Exploits/Client Side Windows
06.11.2007 Microsoft Windows GDI Kernel Local Privilege Escalation Exploit This module exploits a vulnerability in the way that Microsoft Windows manages GDI kernel structures in shared memory. An attacker could remap a global shared memory section that is defined to be read-only to read-write allowing them to execute arbitrary code and gain additional privileges on the target system. CVE-2006-5758 Exploits/Local Windows
06.10.2007 Yahoo Messenger Webcam ActiveX Exploit This module exploits a vulnerability in the Yahoo Messenger Webcam 8.1 ActiveX Control (ywcvwr.dll). When the Receive() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. This exploit is triggered when an unsuspecting user is lured into visiting a malicious web-site hosted by CORE IMPACT. CVE-2007-3148 Exploits/Client Side Windows
06.06.2007 LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
06.04.2007 GNOME Evince PostScript Exploit This module exploits a stack-based buffer overflow vulnerability in the PostScript processor included in GNOME Evince. The vulnerability is caused by the get_next_text() function not properly validating overly long fields in a PostScript file. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via an email. CVE-2006-5864 Exploits/Client Side Linux
06.03.2007 SNORT SMB Fragmentation Buffer Overflow exploit This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. CVE-2006-5276 Exploits/Remote Linux, FreeBSD
05.29.2007 Symantec Rtvscan buffer overflow exploit This module exploits a buffer overflow vulnerability in Symantec Client Security 3.x and Symantec Antivirus Corporate Edition 10.x that allows a remote un-authenticated attacker to compromise the target system and obtain system privileges. CVE-2006-2630 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
04.19.2007 IBM Lotus Domino IMAP Server Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication. CVE-2007-1675 Exploits/Remote Windows, AIX

Pages