Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.27.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-1249 Exploits/Local Windows
10.15.2012 Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local Windows
07.04.2012 FreeBSD Sysret Instruction Privilege Escalation Exploit On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local FreeBSD
02.21.2011 Sun SunScreen Firewall Privilege Escalation Exploit The SunScreen Firewall is prone to a vulnerability that allows the execution of arbitrary commands as the root user. This module exploits the vulnerability and installs an agent with root privileges. CVE-2011-0902 Exploits/Local Solaris
08.19.2010 Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
10.14.2014 Linux Kernel n_tty_write Privilege Escalation Exploit Update This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. This update adds support for Ubuntu 14.04. CVE-2014-0196 Exploits/Local Linux
09.29.2009 Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
10.16.2006 AIX update_flash PATH usage exploit This module exploits a untrusted search path vulnerability in update_flash for IBM AIX. CVE-2006-2647 Exploits/Local AIX
10.23.2007 Linux X.org composite exploit This module exploits a buffer overflow condition on local X.org servers with the composite extension activated. CVE-2007-4730 Exploits/Local Linux
11.02.2010 GNU ld.so Arbitrary Dlopen Privilege Escalation Exploit The GNU C dynamic linker (ld.so) is prone to a local privilege- escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. CVE-2010-3856 Exploits/Local Linux
11.15.2007 Xen Pygrub Command Injection exploit for Impact 7.5 This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
12.27.2005 SuSE Linux chfn exploit This module exploits a vulnerability in SuSE chfn command and escalates privileges to root. CVE-2005-3503 Exploits/Local Linux
01.19.2010 Microsoft Windows GP Trap Handler Privilege Escalation Exploit Incorrect assumptions in the support code of legacy 16bit applications in Microsoft Windows operating systems allows local users to gain system privileges via the "NtVdmControl" system call. This module exploits the vulnerability and installs an agent with system privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0232 Exploits/Local Windows
10.27.2011 Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-2005 Exploits/Local Windows
10.23.2012 Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. CVE-2012-3524 Exploits/Local Linux
09.03.2014 Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This module adds support to Microsoft Windows 2003, Windows Vista, Windows 2008 and Windows 8.1 CVE-2014-1767 Exploits/Local Windows
02.21.2011 Panda Global Protection AppFlt.sys Privilege Escalation Exploit This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-46949 Exploits/Local Windows
09.15.2009 Apple Mac OS X HFS Plus Local Privilege Escalation Exploit XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler. This allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. CVE-2009-1235 Exploits/Local Mac OS X
06.15.2009 Linux Kernel UDEV Local Privilege Escalation Exploit The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. CVE-2009-1186 Exploits/Local Linux
07.01.2009 Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges. CVE-2008-1436 Exploits/Local Windows
10.10.2011 Norman Security Suite Nprosec.sys Privilege Escalation Exploit Norman Security Suite is affected by a privilege escalation vulnerability that can be exploited by local, unprivileged users to gain SYSTEM privileges. The vulnerability occurs in the Nprosec.sys driver when handling IOCTL 0x00220210. NOCVE-9999-49673 Exploits/Local Windows
08.06.2009 FreeBSD mount Local Privilege Escalation Exploit FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. CVE-2008-3531 Exploits/Local FreeBSD
02.21.2007 Windows Image Acquisition CmdLine exploit The Window Image Acquisition (WIA) Service in Microsoft Windows XP allows local users to gain privileges via a stack overflow when processing the bsCmdLine parameter of the IWiaDevMgr::RegisterEventCallbackProgram function. CVE-2007-0210 Exploits/Local Windows
05.19.2009 IBM Director CIM Server Privilege Escalation Exploit IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. CVE-2009-0880 Exploits/Local Windows
08.01.2014 Microsoft Windows MQAC.sys Arbitrary Write Local Privilege Escalation Exploit The MQ Access Control Driver (mqac.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x1965020F) to the vulnerable driver. CVE-2014-4971 Exploits/Local Windows
10.13.2008 ZoneAlarm VSDATANT IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in ZoneAlarm products when the 0x8400000F function is invoked with a specially crafted parameter. The IOCTL 0x8400000F handler in the VSDATANT.SYS device driver in ZoneAlarm products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain escalated privileges. CVE-2007-4216 Exploits/Local Windows
08.28.2013 Agnitum Outpost Security Suite Privilege Escalation Exploit This module exploits a vulnerability in Agnitum Outpost Security Suite acs.exe service server when handling a specially crafted request, sent to the acsipc_server named pipe. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the acs.exe server process. NOCVE-9999-59314 Exploits/Local Windows
10.30.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) Update The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-1249 Exploits/Local Windows
09.17.2014 Adobe Reader X AdobeCollabSync Buffer Overflow Sandbox Bypass Exploit This module allows an agent running in the context of AcroRd32.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-2730 Exploits/Local Windows
04.03.2014 Oracle VirtualBox VBoxSF.sys IOCTL_MRX_VBOX_DELCONN Privilege Escalation Exploit The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. CVE-2014-0405 Exploits/Local Windows

Pages