Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
09.30.2013 Microsoft Windows Class Name String Atom Privilege Escalation Exploit (MS12-041) An error in the way that the Windows kernel handles string atoms when registering a new window class allows unprivileged users to re-register atoms of privileged applications. This vulnerability can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. CVE-2012-1864 Exploits/Local Windows
10.27.2011 Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-2005 Exploits/Local Windows
10.31.2006 Netscape Portable Runtime Environment log file overwrite exploit This module exploits a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, and allows attackers to create or overwrite arbitrary files on the system. CVE-2006-4842 Exploits/Local Solaris
07.31.2005 Solaris LD_AUDIT exploit This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. CVE-2005-2072 Exploits/Local Solaris
02.21.2011 Panda Global Protection AppFlt.sys Privilege Escalation Exploit This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-46949 Exploits/Local Windows
05.07.2008 Microsoft IIS MS08-006 Exploit update This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. This update adds support for 2003 Enterprise Sp1 and bypasses DEP in already supported platforms. CVE-2008-0075 Exploits/Local Windows
11.24.2009 Linux Ptrace-exec Race Condition Exploit Update This update fixes a documentation issue regarding supported platforms. CVE-2001-1384 Exploits/Local Linux
09.10.2007 WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2007-3681 Exploits/Local Windows
06.25.2013 Linux Kernel perf_swevent_init Privilege Escalation Exploit This module exploits a vulnerability in the Linux kernel. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. CVE-2013-2094 Exploits/Local Linux
12.25.2006 Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local
07.01.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) This module exploits a vulnerability in win32k.sys when a "window" is created. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0485 Exploits/Local Windows
07.12.2010 inetd.conf Privilege Escalation Exploit Update The vulnerabilities consist in net services which are run as root but the owner of server files is not root or the group of the file is not root and has write permissions. These vulnerabilities were found in many Operating System versions. This update fixes a bug when passing parameters to a helper module. NOCVE-9999-39834 Exploits/Local Solaris
03.28.2007 IIS ASP Server-Side Include exploit update This update improves the reliability of the 'ISS ASP Server-Side Include exploit'. The module exploits a buffer overflow vulnerability in the SSINC.DLL file used by Microsoft IIS 5.0. The exploit is triggered by including long enough filenames in any ASP file. CVE-2002-0149 Exploits/Local Windows
05.30.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 6 This update adds support to Microsoft Windows 2003 64 bits edition ( DoS ), Microsoft Windows Vista 64 bits edition ( DoS ), Microsoft Windows 2008 64 bits edition ( DoS ) and Microsoft Windows Seven 64 bits edition ( DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
10.08.2009 Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket CVE-2009-2692 Exploits/Local Linux
06.15.2006 Xorg Privilege Escalation Exploit X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. CVE-2006-0745 Exploits/Local
05.15.2008 Microsoft NtUserMessageCall Kernel Privilege Escalation Exploit (MS08-025) An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges. CVE-2008-1084 Exploits/Local Windows
02.18.2014 Linux Kernel CONFIG_X86_X32 Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in the Linux Kernel. The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace and allows a local attacker to escalate privileges. CVE-2014-0038 Exploits/Local Linux
08.17.2010 PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. CVE-2010-0832 Exploits/Local Linux
10.30.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) Update The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-1249 Exploits/Local Windows
09.01.2010 Microsoft Windows Tracing Registry Key ACL Privilege Escalation Exploit (MS10-059) An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability allows local attackers running code under an account with impersonation rights, like NETWORK SERVICE, to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2554 Exploits/Local Windows
06.21.2010 Mac OS X CUPS lppasswd Local Privilege Escalation Exploit This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. CVE-2010-0393 Exploits/Local Mac OS X
07.22.2010 Sudoedit Privilege Escalation Exploit Update This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root. This update adds OSX 10.6 (Snow Leopard) as supported target. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
03.05.2006 CSRSS facename exploit This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. CVE-2005-0551 Exploits/Local Windows
09.03.2012 Symantec LiveUpdate Administrator Local Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Symantec LiveUpdate Administrator. CVE-2012-0304 Exploits/Local Windows
12.02.2013 Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. CVE-2013-5065 Exploits/Local Windows
07.18.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This is only a documentation update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit". CVE-2013-3660 Exploits/Local Windows
10.17.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-047) Update This update adds support to Impact 12.5 This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-1890 Exploits/Local Windows
11.18.2007 Linux ptrace x86_64 ia32syscall emulation exploit This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation functionality does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the %RAX register and escalate privileges. CVE-2007-4573 Exploits/Local Linux
07.13.2014 Linux Kernel n_tty_write Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. CVE-2014-0196 Exploits/Local Linux

Pages