Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

The table below lists Core Impact exploits and other modules.

| Released Date | Title | Description | Vulnerability | Category | Platform |
|---|---|---|---|---|---|
| 10.15.2012 | Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) | On Intel CPUs, a sysret to a non-canonical address faults on the sysret instruction itself, after the stack pointer has been switched to the user-mode value but before the current privilege level (CPL) is changed, so the fault is handled in kernel mode on a user-controlled stack. Windows is vulnerable because of the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with SYSTEM privileges. | CVE-2012-0217 | Exploits/Local | Windows |
| 07.04.2012 | FreeBSD Sysret Instruction Privilege Escalation Exploit | On Intel CPUs, a sysret to a non-canonical address faults on the sysret instruction itself, after the stack pointer has been switched to the user-mode value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable because of insufficient sanity checks on the return address when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges. | CVE-2012-0217 | Exploits/Local | FreeBSD |
| 06.25.2013 | Linux Kernel perf_swevent_init Privilege Escalation Exploit | This module exploits a vulnerability in the Linux kernel. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 stores the 64-bit event ID in a signed int, so a negative ID passes the upper-bound check and is used as an out-of-bounds array index; this allows local users to gain privileges via a crafted perf_event_open system call. | CVE-2013-2094 | Exploits/Local | Linux |
| 10.17.2011 | Microsoft WINS Input Validation Exploit (MS11-070) Update | This update adds support for Microsoft Windows 2008. The module exploits a vulnerability in the Microsoft WINS service by sending crafted UDP packets to the WINS RPC local port. | CVE-2011-1984 | Exploits/Local | Windows |
| 05.07.2008 | Microsoft IIS MS08-006 Exploit Update | This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Services 5.1 through 6.0. This update adds support for Windows 2003 Enterprise SP1 and bypasses DEP on already supported platforms. | CVE-2008-0075 | Exploits/Local | Windows |
| 09.10.2007 | WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support | This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed I/O Request Packet (IRP) parameters. This update adds support for Windows 2003. | CVE-2007-3681 | Exploits/Local | Windows |
| 07.13.2014 | Linux Kernel n_tty_write Privilege Escalation Exploit | This module exploits a vulnerability in the Linux kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges by triggering a race condition involving read and write operations with long strings. | CVE-2014-0196 | Exploits/Local | Linux |
| 05.25.2010 | Linux Kernel UDEV Local Privilege Escalation Exploit Update | The udev Linux application is prone to a local privilege escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. This update fixes a bug in the module. | CVE-2009-1186 | Exploits/Local | Linux |
| 01.04.2012 | Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) Update | This update adds support for Microsoft Windows Vista and Microsoft Windows 2008. When a crafted ".fon" file is loaded by the Windows kernel, a kernel heap overflow occurs. This module exploits the vulnerability by filling kernel memory via heap spraying and building a fake chunk header. | CVE-2011-2003 | Exploits/Local | Windows |
| 11.18.2007 | Linux ptrace x86_64 ia32syscall Emulation Exploit | This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation code does not zero-extend the eax register after the 32-bit entry path has been used under ptrace, so the system call number is range-checked as a 32-bit value but the system call table is indexed with the full 64-bit %RAX; this allows local users to trigger an out-of-bounds access to the system call table and escalate privileges. | CVE-2007-4573 | Exploits/Local | Linux |
| 12.28.2008 | Mac OS X smcFanControl Local Privilege Escalation Exploit | This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed setuid root. An attacker can exploit this vulnerability to obtain root privileges. | CVE-2008-6252 | Exploits/Local | Mac OS X |
| 10.23.2012 | Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation | Libdbus 1.5.x and earlier, when used in setuid processes that do not clear their environment, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. | CVE-2012-3524 | Exploits/Local | Linux |
| 01.27.2011 | FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation Exploit | The read-only flag is not correctly copied when an mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. A local attacker can exploit this corruption to escalate privileges by carefully controlling the corruption of system files. Note that the attacker can corrupt any file they have read access to. | CVE-2010-2693 | Exploits/Local | FreeBSD |
| 03.28.2010 | Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit Update | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on that page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. This update adds the 'one-shot' tag to the module's XML. | CVE-2009-2692 | Exploits/Local | Linux |
| 12.02.2013 | Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit | This module exploits a vulnerability in the Windows kernel ("ndproxy.sys" driver) by calling the DeviceIoControl function with crafted parameters. | CVE-2013-5065 | Exploits/Local | Windows |
| 07.18.2013 | Microsoft Windows Win32k Read AV Vulnerability (MS13-053) | This module exploits a vulnerability in win32k.sys where EPATHOBJ::pprFlattenRec() does not initialize the pointer to the next memory chunk. This is a documentation-only update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit". | CVE-2013-3660 | Exploits/Local | Windows |
| 07.14.2014 | FreeBSD X.Org libXfont BDF Privilege Escalation Exploit | The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow when parsing a specially crafted BDF font file. A local unprivileged attacker can exploit this vulnerability to gain root privileges. | CVE-2013-6462 | Exploits/Local | FreeBSD |
| 12.21.2008 | Microsoft Windows SMB Credential Reflection Exploit (MS08-068) | This module implements the SMB relay attack to install an agent on the target machine. | CVE-2008-4037 | Exploits/Local | Windows |
| 10.18.2007 | Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit | This module exploits a vulnerability in Windows XP by invoking IOCTL 0xCA002813 with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed I/O Request Packet (IRP) parameters. | CVE-2007-5587 | Exploits/Local | Windows |
| 10.26.2009 | Anti Keylogger Elite Privilege Escalation Exploit Update | This module exploits a vulnerability in Anti Keylogger Elite by invoking IOCTL 0x002224A4 with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver allows local users to overwrite memory and execute arbitrary code via malformed I/O Request Packet (IRP) parameters to obtain SYSTEM privileges. This update improves the checks that verify whether the vulnerable application is installed. | CVE-2008-5049 | Exploits/Local | Windows |
| 02.10.2008 | Linux Kernel Vmsplice() Privilege Escalation Exploit | This module exploits missing parameter verification in the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c before the parameters are used for memory operations. This can be exploited to read or write arbitrary kernel memory via a specially crafted vmsplice() system call, allowing an unprivileged process to elevate privileges to root. | CVE-2008-0600 | Exploits/Local | Linux |
| 10.01.2013 | CSRSS FaceName Exploit Update 2 | This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client/Server Runtime Subsystem (CSRSS) process, which allows local users to gain privileges via a specially designed application that provides console window information with a long FaceName value. This update fixes a bug that occurred when the module was launched by RPT against a newer Windows platform such as Windows 7. | CVE-2005-0551 | Exploits/Local | Windows |
| 11.04.2014 | Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) | This module exploits a NULL pointer dereference in win32k.sys by abusing the xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. | CVE-2014-4113 | Exploits/Local | Windows |
| 05.20.2014 | Microsoft Windows Kernel NDProxy Vulnerability Exploit (MS14-002) | This module exploits a vulnerability in the Windows kernel ("ndproxy.sys" driver) by calling the DeviceIoControl function with crafted parameters. This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module and adds support for the 64-bit edition of Windows 2003 SP2. | CVE-2013-5065 | Exploits/Local | Windows |
| 02.24.2008 | VMware Shared Folders Directory Traversal Exploit | This module exploits a directory traversal vulnerability in VMware shared folders. | CVE-2008-0923 | Exploits/Local | Windows |
| 11.25.2010 | Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit | This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC registry key and then calling the EnableEUDC() function in the GDI32 library. It enables local unprivileged users to gain SYSTEM privileges. WARNING: This is an early-release module, not the final version; it is a pre-release delivered as quickly as possible because it may be useful to customers in some situations. It may contain bugs, have limited functionality, and lack complete or accurate documentation. | CVE-2010-4398 | Exploits/Local | Windows |
| 12.14.2006 | ProFTPD Controls Buffer Overflow Exploit | The internal stack may be overrun through the controls module using a specially crafted control sequence. Attackers can exploit this condition to execute instructions with the privileges of the ProFTPD process, typically root. | CVE-2006-6563 | Exploits/Local | Linux |
| 08.12.2011 | Microsoft Internet Explorer XBAP Protected Mode Bypass Privilege Escalation Exploit | The Protected Mode feature of Microsoft Internet Explorer can be bypassed by running an XBAP application from the local filesystem. This module allows an agent running at Low Integrity Level to install a new agent that runs at Medium Integrity Level. | NOCVE-9999-49066 | Exploits/Local | Windows |
| 10.12.2010 | Microsoft Windows Desktop Parameter Edit Vulnerability Exploit (MS09-025) | This module exploits a kernel-mode stack overflow in win32k.sys via an unspecified desktop parameter. | CVE-2009-1126 | Exploits/Local | Windows |
| 12.03.2013 | Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055) | An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when launching a program can be exploited to escape the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe at Low Integrity Level to escalate privileges and install a new agent that runs at Medium Integrity Level. | CVE-2013-4015 | Exploits/Local | Windows |
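The two Sysret rows describe the CVE-2012-0217 mechanism in a sentence each. The following added example, illustrative C that is not Core Impact's code nor any kernel's, shows the check a patched kernel performs before returning to user mode with SYSRET: under 48-bit virtual addressing a return RIP is canonical only if bits 63..47 are all equal, and a non-canonical one must be returned to with IRET instead, because on Intel CPUs a non-canonical SYSRET raises the fault in ring 0 with the user's RSP already loaded (on AMD CPUs the fault is raised after the privilege switch, which is why the rows say "On Intel CPUs"). The helper names and sample addresses are assumptions of this example.

```c
/*
 * Added example (not Core Impact or kernel source): the canonical-address
 * check that distinguishes a kernel vulnerable to CVE-2012-0217 from a
 * patched one.  A vulnerable kernel takes the SYSRET fast path with
 * whatever return address user mode (or, on Windows, the User Mode
 * Scheduler) handed it; a patched kernel verifies the address first.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 4-level paging: 48 significant bits, sign-extended into bits 48..63. */
#define VA_BITS 48

/* True when bits 63..47 are all zero or all one (canonical form). */
bool is_canonical(uint64_t va)
{
    uint64_t top = va >> (VA_BITS - 1);              /* bits 63..47 */
    return top == 0 || top == (UINT64_MAX >> (VA_BITS - 1));
}

/* Unpatched pattern: trust the return RIP and always use SYSRET. */
const char *return_path_vulnerable(uint64_t rip)
{
    (void)rip;
    return "sysret";
}

/* Patched pattern: SYSRET only for a canonical RIP, IRET otherwise.
 * IRET checks the target in a way that faults safely (on the kernel
 * stack, before the stack switch), so it is the safe slow path. */
const char *return_path_fixed(uint64_t rip)
{
    return is_canonical(rip) ? "sysret" : "iret";
}

int main(void)
{
    /* Constructed sample return addresses for illustration. */
    const uint64_t samples[] = {
        0x00007fffffffffffULL, /* top of the user half: canonical */
        0x0000800000000000ULL, /* first non-canonical address */
        0xffff7fffffffffffULL, /* last non-canonical address */
        0xffff800000000000ULL, /* bottom of the kernel half: canonical */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t rip = samples[i];
        printf("rip=%#018llx canonical=%d vulnerable=%s fixed=%s\n",
               (unsigned long long)rip, is_canonical(rip),
               return_path_vulnerable(rip), return_path_fixed(rip));
    }
    return 0;
}
```

The first non-canonical address, 0x0000800000000000, is the natural test value: it is the smallest address the check rejects, and a kernel that answers "sysret" for it is exploitable in the way the rows describe.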
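The perf_swevent_init row (CVE-2013-2094) and the ptrace ia32 syscall emulation row (CVE-2007-4573) are both integer-width mistakes in a bounds check: one compares a truncated, signed copy of a 64-bit value, the other compares the low 32 bits of a register but indexes with all 64. The added example below reduces each to the check the kernel got wrong beside the fixed version. It is illustrative C, not Core Impact or Linux source; PERF_COUNT_SW_MAX matches the 3.8 kernel, the ia32 table size is a stand-in, and the function names and REJECTED sentinel are assumptions of this example.

```c
/*
 * Added example (not Core Impact or Linux source): the bounds checks
 * behind CVE-2013-2094 and CVE-2007-4573, vulnerable and fixed.
 * Each function returns the array index the kernel would use, or
 * REJECTED if the check refuses the input.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PERF_COUNT_SW_MAX 9      /* software event types in Linux 3.8 */
#define IA32_NR_SYSCALLS  350    /* stand-in for the ia32 table size */
#define REJECTED INT64_MIN       /* never a valid index */

/*
 * CVE-2013-2094: perf_event_attr.config is a u64, but perf_swevent_init
 * copied it into an int before the range check.  0xffffffffffffffff
 * becomes -1, passes "event_id >= PERF_COUNT_SW_MAX", and is used to
 * index perf_swevent_enabled[] backwards (a write outside the array).
 */
int64_t perf_swevent_index_vulnerable(uint64_t config)
{
    int event_id = (int)config;          /* truncated to 32 bits, signed */
    if (event_id >= PERF_COUNT_SW_MAX)   /* negative values pass */
        return REJECTED;
    return event_id;
}

/* The 3.8.9 fix keeps the value unsigned and 64-bit for the comparison. */
int64_t perf_swevent_index_fixed(uint64_t config)
{
    uint64_t event_id = config;
    if (event_id >= PERF_COUNT_SW_MAX)
        return REJECTED;
    return (int64_t)event_id;
}

/*
 * CVE-2007-4573: the ia32 entry code compared only %eax with the table
 * size ("cmpl") but called through the table with the full %rax.  The
 * 32-bit entry path normally leaves the upper half zero; after ptrace
 * had written the registers it did not, so a tracer could supply a
 * number whose low 32 bits are in range while the 64-bit value is not.
 */
int64_t ia32_syscall_index_vulnerable(uint64_t rax)
{
    uint32_t eax = (uint32_t)rax;        /* 32-bit compare */
    if (eax >= IA32_NR_SYSCALLS)
        return REJECTED;
    return (int64_t)rax;                 /* 64-bit index */
}

/* The fix zero-extends %eax (movl %eax,%eax) before checking and calling. */
int64_t ia32_syscall_index_fixed(uint64_t rax)
{
    rax = (uint32_t)rax;
    if (rax >= IA32_NR_SYSCALLS)
        return REJECTED;
    return (int64_t)rax;
}

int main(void)
{
    /* Constructed attacker inputs: -1 as a u64, and a syscall number with
     * bit 32 set on top of a valid low half. */
    const uint64_t bad_config = 0xffffffffffffffffULL;
    const uint64_t bad_rax    = 0x0000000100000003ULL;

    printf("perf  vulnerable index: %" PRId64 "\n", perf_swevent_index_vulnerable(bad_config));
    printf("perf  fixed      index: %" PRId64 " (REJECTED=%" PRId64 ")\n",
           perf_swevent_index_fixed(bad_config), (int64_t)REJECTED);
    printf("ia32  vulnerable index: %#" PRIx64 "\n", ia32_syscall_index_vulnerable(bad_rax));
    printf("ia32  fixed      index: %#" PRIx64 "\n", ia32_syscall_index_fixed(bad_rax));
    return 0;
}
```

Note the second perf case in the test: a config such as 0x100000002 is silently truncated to 2 by the vulnerable code and accepted, while the fixed code rejects it; truncation and signedness are two separate ways the same int conversion defeats the check.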
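The Libdbus row (CVE-2012-3524) comes down to a trust decision: a library linked into a setuid program honoured DBUS_SYSTEM_BUS_ADDRESS from an environment the unprivileged caller controls, and because a D-Bus address may name the "unixexec:" transport, which makes the library execute the given path, that is code execution as the setuid program's owner. The added example below, illustrative C that is not libdbus or Core Impact code, shows the vulnerable pattern beside the fixed one: detect that the process is privileged and ignore the environment entirely. The default bus path, the function names and the attacker's sample value are assumptions of this example.

```c
/*
 * Added example (not libdbus or Core Impact code): deciding whether a
 * setuid program may trust DBUS_SYSTEM_BUS_ADDRESS.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_SYSTEM_BUS "unix:path=/var/run/dbus/system_bus_socket"

/* The process runs with elevated privileges if any effective id differs
 * from the real one.  (On glibc a library can also consult
 * getauxval(AT_SECURE), which additionally covers file capabilities; this
 * portable version handles the plain setuid/setgid case the row describes.) */
bool is_privileged_process(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* True if the address's transport (the text before the first ':') equals
 * name, e.g. transport_is("unixexec:path=/tmp/x", "unixexec"). */
bool transport_is(const char *addr, const char *name)
{
    const char *colon = addr ? strchr(addr, ':') : NULL;
    if (colon == NULL)
        return false;
    size_t len = (size_t)(colon - addr);
    return len == strlen(name) && memcmp(addr, name, len) == 0;
}

/* Vulnerable pattern: the environment always wins. */
const char *system_bus_address_vulnerable(const char *env_value)
{
    return env_value ? env_value : DEFAULT_SYSTEM_BUS;
}

/* Fixed pattern: in a privileged process the environment is ignored and
 * the compiled-in default is used. */
const char *system_bus_address_fixed(const char *env_value, bool privileged)
{
    if (privileged || env_value == NULL)
        return DEFAULT_SYSTEM_BUS;
    return env_value;
}

int main(void)
{
    /* Constructed value an unprivileged user could export before running a
     * setuid program that links the library. */
    const char *attacker_value = "unixexec:path=/tmp/evil";
    bool priv = is_privileged_process(getuid(), geteuid(), getgid(), getegid());

    const char *chosen = system_bus_address_vulnerable(attacker_value);
    printf("vulnerable: %s%s\n", chosen,
           transport_is(chosen, "unixexec") ? "  (library would exec this path)" : "");
    chosen = system_bus_address_fixed(attacker_value, priv);
    printf("fixed (privileged=%d): %s\n", priv, chosen);
    return 0;
}
```

Run as a normal user the fixed path still honours the variable, which is the intended behaviour: the variable is legitimate for unprivileged clients, and the fix is to stop consulting it once the process is running with privileges it did not inherit from its caller.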