Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.


Released Date Title Description Vulnerability Category Platform
06.20.2012 VideoSpirit Pro Buffer Overflow Exploit Update VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused by an incorrect check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This update adds the CVE number. CVE-2011-0499 Exploits/Client Side Windows
09.09.2009 VirtualMin Dom Parameter Cross Site Scripting Exploit Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-39439 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.15.2010 Viscom Software Movie Player Pro SDK ActiveX Remote Buffer Overflow Exploit A stack-based buffer overflow occurs when a string longer than 24 bytes is passed to the "strFontName" parameter, which leads to an EIP overwrite, allowing the execution of arbitrary code in the context of the logged-on user. This happens because inadequate space is reserved for the buffer intended to receive the font name. CVE-2010-0356 Exploits/Client Side Windows
05.26.2011 VisiWave Site Survey Report File Processing Buffer Overflow Exploit The vulnerability is caused by a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .VWR file. This module bypasses DEP using ROP techniques. CVE-2011-2386 Exploits/Client Side Windows
11.18.2012 VisiWave Site Survey Report File Processing Buffer Overflow Exploit Update The vulnerability is caused by a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .VWR file. This module bypasses DEP using ROP techniques. This update adds CVE information. CVE-2011-2386 Exploits/Client Side Windows
11.25.2007 Visual Studio PDWizard.ocx Code Execution Exploit This module exploits a vulnerability in the PDWizard.ocx of the Visual Studio application. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2007-4891 Exploits/Client Side Windows
08.12.2013 VLC Media Player ABC File Parsing Exploit The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow in the libmodplug library used by VLC Media Player. NOCVE-9999-59318 Exploits/Client Side Windows
03.22.2011 VLC Media Player AMV File Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .AMV files. CVE-2010-3275 Exploits/Client Side Windows
08.28.2007 VLC Media Player Format String exploit This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC 0.86, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers a format string and overwrites a subroutine pointer during rendering. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
12.16.2007 VLC Media Player Format String exploit linux support update This module tries to attack VLC Media Player by sending a crafted OGG file that triggers a format string and overwrites a subroutine pointer during rendering. This update adds support for Linux. CVE-2007-3316 Exploits/Client Side Windows, Linux
10.04.2007 VLC Media Player Format String exploit update This update adds support for Mac OS X, Windows 2000 and Windows 2003 platforms and support for 0.86 and 0.86a versions of VLC. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
04.25.2011 VLC Media Player libmodplug Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. CVE-2011-1574 Exploits/Client Side Windows
06.21.2012 VLC Media Player libmodplug Buffer Overflow Exploit Update VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. This version adds the CVE number. CVE-2011-1574 Exploits/Client Side Windows
06.01.2011 VLC Media Player MKV File Memory Corruption Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allows remote attackers to execute arbitrary code via an MKV media file. CVE-2011-0531 Exploits/Client Side Windows, Mac OS X
11.05.2009 VLC Media Player MP4 Demuxer Buffer Overflow Exploit VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities. When parsing an MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users. VLC media player 1.0.1 is vulnerable; prior versions may also be affected. NOCVE-9999-40279 Exploits/Client Side Windows
03.22.2011 VLC Media Player NSV Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .NSV (Nullsoft streaming video file) files when opening in Internet Explorer 6 or 7. CVE-2010-3276 Exploits/Client Side Windows
02.22.2009 VLC Media Player RealText Processing Stack Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
08.02.2009 VLC Media Player RealText Processing Stack Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
07.01.2014 VLC Media Player RTSP Processing Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow when handling specially crafted RTSP packets within the LIVE555 Plugin (liblive555_plugin.dll). CVE-2013-6934 Exploits/Client Side Windows
07.21.2009 VLC Media Player SMB URI Handling Buffer Overflow Exploit VLC Media Player is prone to a stack-based buffer-overflow vulnerability when handling playlist files having an overly long SMB URI. CVE-2009-2484 Exploits/Client Side Windows
11.05.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. CVE-2008-4654 Exploits/Client Side Windows
11.09.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This update improves exploit reliability. CVE-2008-4654 Exploits/Client Side Windows
09.07.2010 VLC Media Player wintab32 DLL Hijacking Exploit VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this DLL is located in the same folder as a .MP3 file. NOCVE-9999-44964 Exploits/Client Side Windows
01.09.2011 VLC Media Player wintab32 DLL Hijacking Exploit Update VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder as a .MP3 file. This update adds CVE number and makes exploit compatible with the last WebDav version. NOCVE-9999-44964 Exploits/Client Side Windows
05.15.2012 VLC MMS Stream Handling Buffer Overflow Exploit A stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. CVE-2012-1775 Exploits/Client Side Windows
03.20.2014 VLC MMS Stream Handling Buffer Overflow Exploit Update A stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. This version fixes a bug with source IP calculation. CVE-2012-1775 Exploits/Client Side Windows
11.14.2012 VMware ESX RetrieveProperties Remote DoS A security vulnerability was found in the VMware vSphere Hypervisor (ESXi) subsystem, allowing an unauthenticated remote DoS. The vulnerability could allow denial of service if a specially crafted request is sent to the vSphere API by an unauthenticated user. CVE-2012-5703 Denial of Service/Remote
11.28.2012 VMware ESX RetrieveProperties Remote DoS Update The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. This update adds the correct CVE number. CVE-2012-5703 Denial of Service/Remote
10.04.2009 VMware Fusion Privilege Escalation Exploit This module exploits a privilege escalation vulnerability on VMware Fusion. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3281 Exploits/Local Mac OS X
06.07.2011 VMWare Infrastructure Client tsgetxu71ex552.dll ActiveX Exploit The vulnerability exists within the way that Internet Explorer instantiates GET Extension Factory COM objects, which are not intended to be created inside of the browser. The object does not initialize properly, and this leads to a memory corruption vulnerability. CVE-2011-2217 Exploits/Client Side Windows
