CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort ascending Platform
03.05.2006 CSRSS facename exploit This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. CVE-2005-0551 Exploits/Local Windows
08.12.2011 Microsoft Internet Explorer XBAP Protected Mode Bypass Privilege Escalation Exploit The Protected Mode feature of Microsoft Internet Explorer can be bypassed by running an XBAP application from the local filesystem. This module allows an agent running with Low Integrity Level to install a new agent that will run with Medium Integrity Level. NOCVE-9999-49066 Exploits/Local Windows
10.14.2008 AIX update_flash PATH Usage Exploit update This package updates the AIX update_flash PATH Usage Exploit. CVE-2006-2647 Exploits/Local AIX
05.25.2010 Linux Kernel UDEV Local Privilege Escalation Exploit Update The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. This update fixs a module's bug. CVE-2009-1186 Exploits/Local Linux
05.10.2012 Linux Sing Log Injection Local Exploit SING is prone to a local privilege-escalation vulnerability, that allows an unprivileged process to elevate privileges to root. CVE-2007-6211 Exploits/Local Linux
12.05.2010 Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. This update adds support for Windows Vista and Windows Server 2008. CVE-2010-4398 Exploits/Local Windows
09.20.2006 Linux suid_dumpable exploit The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. CVE-2006-2451 Exploits/Local Linux
10.18.2007 Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit This module exploits a vulnerability in Windows XP when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-5587 Exploits/Local Windows
06.11.2013 Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. CVE-2013-3660 Exploits/Local Windows
10.16.2008 Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-066) This module exploits a vulnerability in Windows Ancillary function driver when the 0x1203F IOCTL in afd.sys is invoked with a specially crafted parameter. The IOCTL 0x1203F handler in the afd.sys function driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-3464 Exploits/Local
02.10.2008 Linux Kernel Vmsplice() Privilege Escalation Exploit Exploits a missing verification of parameters within the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted vmsplice() system call, and allows an unprivileged process to elevate privileges to root. CVE-2008-0600 Exploits/Local Linux
11.25.2010 Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
10.12.2010 Microsoft Windows Desktop Parameter Edit Vulnerability Exploit (MS09-025) This module exploits a stack overflow on kernel mode on win32k.sys via an unspecified desktop parameter. CVE-2009-1126 Exploits/Local Windows
02.24.2008 VMware Shared Folders Directory Traversal Exploit This module exploits a vulnerability in VMware shared folders. CVE-2008-0923 Exploits/Local Windows
06.11.2007 Microsoft Windows GDI Kernel Local Privilege Escalation Exploit This module exploits a vulnerability in the way that Microsoft Windows manages GDI kernel structures in shared memory. An attacker could remap a global shared memory section that is defined to be read-only to read-write allowing them to execute arbitrary code and gain additional privileges on the target system. CVE-2006-5758 Exploits/Local Windows
07.12.2010 inetd.conf Privilege Escalation Exploit Update The vulnerabilities consist in net services which are run as root but the owner of server files is not root or the group of the file is not root and has write permissions. These vulnerabilities were found in many Operating System versions. This update fixes a bug when passing parameters to a helper module. NOCVE-9999-39834 Exploits/Local Solaris
08.09.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-048) This module exploits a vulnerability on win32k.sys when the "CreateWindow" function is called. CVE-2010-1897 Exploits/Local Windows
07.20.2008 Mac OS X pppd Plugin Loading Privilege Escalation Exploit The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. CVE-2007-0752 Exploits/Local Mac OS X
10.19.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3847 Exploits/Local Linux
10.06.2013 Microsoft Windows Telephony Service exploit Update This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0058 Exploits/Local Windows
11.14.2011 Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
12.27.2009 Symantec Veritas VRTSweb Privilege Escalation Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. That can be exploited by local users to gain elevated privileges. CVE-2009-3027 Exploits/Local Windows
01.15.2013 FreeBSD Kernel linux_ifconf Local Privilege Escalation Exploit This module exploits a kernel memory corruption in the Linux compatibility layer. CVE-2012-4576 Exploits/Local FreeBSD
08.22.2012 Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
01.16.2011 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS10-073) Update 2 This update adds support to Microsoft Windows 2003, Vista and 2008. This module exploits a vulnerability on "win32k.sys" when a keyboard layout is loaded by the kernel. CVE-2010-2743 Exploits/Local Windows
04.05.2009 FreeBSD Kernel Protosw Privilege Escalation Exploit The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail. CVE-2008-5736 Exploits/Local FreeBSD
11.08.2010 Trend Micro Titanium Maximum Security TMTDI.SYS Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Trend Micro Titanium Maximum Security tmtdi.sys driver. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-45910 Exploits/Local Windows
02.13.2013 Solaris LD_AUDIT Privilege Escalation Exploit Update This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. This module exploits the vulnerability and installs an agent with root privileges. This update resolves an issue where the module could erroneously install agents in non-vulnerable systems. CVE-2005-2072 Exploits/Local Solaris
05.23.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
01.11.2007 Linux NVIDIA exploit The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. CVE-2006-5379 Exploits/Local

Pages