CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort ascending Platform
01.27.2011 FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation Exploit The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. This data corruption can be exploited by an local attacker to escalate their privilege by carefully controlling the corruption of system files. It should be noted that the attacker can corrupt any file they have read access to. CVE-2010-2693 Exploits/Local FreeBSD
01.15.2013 FreeBSD Kernel linux_ifconf Local Privilege Escalation Exploit This module exploits a kernel memory corruption in the Linux compatibility layer. CVE-2012-4576 Exploits/Local FreeBSD
08.22.2012 Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
02.22.2010 Sudoedit Privilege Escalation Exploit Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
02.13.2013 Solaris LD_AUDIT Privilege Escalation Exploit Update This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. This module exploits the vulnerability and installs an agent with root privileges. This update resolves an issue where the module could erroneously install agents in non-vulnerable systems. CVE-2005-2072 Exploits/Local Solaris
10.23.2007 Linux X.org composite exploit This module exploits a buffer overflow condition on local X.org servers with the composite extension activated. CVE-2007-4730 Exploits/Local Linux
05.28.2009 AIX Setlocale Function Local Privilege Escalation Exploit The AIX Setlocale Function is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer. CVE-2006-4254 Exploits/Local AIX
11.15.2007 Xen Pygrub Command Injection exploit for Impact 7.5 This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
03.12.2014 Oracle VirtualBox 3D Acceleration Virtual Machine Escape Exploit The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Guest operating system can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host operating system. CVE-2014-0981 Exploits/Local Windows
08.22.2006 CSRSS facename exploit update This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update improve the exploit reliability in windows 2003. CVE-2005-0551 Exploits/Local Windows
09.12.2011 Microsoft Internet Explorer File Integrity Level Protected Mode Bypass Privilege Escalation Exploit (MS11-057) The Protected Mode of Microsoft Internet Explorer can be bypassed by exploiting a logical flaw when checking the Integrity Level of a file. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to install a new agent that will run with Medium Integrity Level. CVE-2011-1347 Exploits/Local Windows
10.19.2006 Mac OS X Mach Exception Handling exploit An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. Exploits/Local OpenBSD, Solaris, Linux, Mac OS X
11.25.2010 Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-4398 Exploits/Local Windows
08.19.2010 Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
11.03.2013 Microsoft Windows Win32k NULL Page Vulnerability Exploit (MS13-081) Update This module exploits a vulnerability in "win32k.sys" by calling to the "TrackPopupMenuEx" function. This update adds support to Windows 7 64 bits and Windows 2008 R2. CVE-2013-3881 Exploits/Local Windows
10.13.2008 ZoneAlarm VSDATANT IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in ZoneAlarm products when the 0x8400000F function is invoked with a specially crafted parameter. The IOCTL 0x8400000F handler in the VSDATANT.SYS device driver in ZoneAlarm products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain escalated privileges. CVE-2007-4216 Exploits/Local Windows
07.28.2014 Microsoft Windows On-Screen Keyboard Mouse Input Privilege Escalation Exploit (MS14-039) The On-Screen Keyboard application of Microsoft Windows is prone to a privilege escalation vulnerability when handling mouse input originated from a process running with Low Integrity Level. This vulnerability allows an agent running with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-2781 Exploits/Local Windows
12.05.2010 Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. This update adds support for Windows Vista and Windows Server 2008. CVE-2010-4398 Exploits/Local Windows
09.28.2009 Windows Debugging Subsystem Exploit Update There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running. With this handle an agent is injected in a SYSTEM process. The update fixes an issue using Import * CVE-2002-0367 Exploits/Local Windows
01.19.2010 Microsoft Windows GP Trap Handler Privilege Escalation Exploit Incorrect assumptions in the support code of legacy 16bit applications in Microsoft Windows operating systems allows local users to gain system privileges via the "NtVdmControl" system call. This module exploits the vulnerability and installs an agent with system privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0232 Exploits/Local Windows
05.07.2008 Microsoft IIS MS08-006 Exploit update This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. This update adds support for 2003 Enterprise Sp1 and bypasses DEP in already supported platforms. CVE-2008-0075 Exploits/Local Windows
11.25.2010 Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
08.27.2012 Linux Kernel compat_alloc_user_space Privilege Escalation Exploit The "compat_alloc_user_space" function, which belongs to the 32-bit compatibility layer for 64-bit versions of Linux, can produce a stack pointer underflow when it's called with an arbitrary length input. This vulnerability can be used by local unprivileged users to corrupt the kernel memory in order to gain root privileges. CVE-2010-3081 Exploits/Local Linux
09.10.2007 WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2007-3681 Exploits/Local Windows
03.20.2011 Microsoft .NET Runtime Optimization Service Privilege Escalation Exploit The .NET Runtime Optimization Service, part of the .NET Framework, is prone to a privilege escalation vulnerability, which can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. NOCVE-9999-47471 Exploits/Local Windows
01.19.2012 Microsoft Windows TrueType Font Parsing Vulnerability Local Exploit (MS11-087) This module exploits a Windows kernel heap overflow vulnerability when a crafted TTF file is processed by Windows kernel. CVE-2011-3402 Exploits/Local Windows
11.18.2007 Linux ptrace x86_64 ia32syscall emulation exploit This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation functionality does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the %RAX register and escalate privileges. CVE-2007-4573 Exploits/Local Linux
08.23.2011 Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand Exploit (MS11-056) This module exploits a vulnerability on Microsoft Windows "CSRSS.EXE" process setting the command history number in a value greater than 0x7fff. CVE-2011-1283 Exploits/Local Windows
10.19.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3847 Exploits/Local Linux
10.14.2008 AIX update_flash PATH Usage Exploit update This package updates the AIX update_flash PATH Usage Exploit. CVE-2006-2647 Exploits/Local AIX

Pages