Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort ascending Platform
08.24.2011 Linux Kernel set_fs Privilege Escalation Exploit This module exploits a local vulnerability in the set_fs function in the Linux kernel prior to 2.6.37. CVE-2010-4258 Exploits/Local Linux
12.04.2014 Microsoft Windows Administrator UAC Elevation Bypass Update This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group. NOCVE-9999-64489 Exploits/Local Windows
07.12.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) Update This update improves the exploit reliability and adds support to Windows XP SP2. This module exploits a vulnerability in win32k.sys when a "window" is created. CVE-2010-0485 Exploits/Local Windows
07.17.2013 Novell Client 2 NICM.SYS Privilege Escalation Exploit This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests. CVE-2013-3956 Exploits/Local Windows
10.25.2010 Linux Kernel RDS Protocol Privilege Escalation Exploit The Linux kernel is prone to a privilege escalation vulnerability that can be exploited by local unprivileged users to gain root access, because the RDS protocol does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg() style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root. CVE-2010-3904 Exploits/Local Linux
12.21.2008 Microsoft Windows SMB Credential Reflection Exploit (MS08-068) This module implements the SMB Relay attack to install an agent in the target machine. CVE-2008-4037 Exploits/Local Windows
08.06.2009 PulseAudio Privilege Escalation Exploit This module exploits a race condition vulnerability in PulseAudio on Linux systems to gain elevated privileges. CVE-2009-1894 Exploits/Local Linux
09.30.2013 Microsoft Windows Class Name String Atom Privilege Escalation Exploit (MS12-041) An error in the way that the Windows kernel handles string atoms when registering a new window class allows unprivileged users to re-register atoms of privileged applications. This vulnerability can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. CVE-2012-1864 Exploits/Local Windows
08.29.2007 Symantec SYMTDI.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in Symantec products when the 0x83022323 function is invoked with a specially crafted parameter. The IOCTL 0x83022323 handler in the SYMTDI.SYS device driver in Symantec products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. CVE-2007-3673 Exploits/Local Windows
06.24.2013 FreeBSD mmap ptrace Privilege Escalation Exploit This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. CVE-2013-2171 Exploits/Local FreeBSD
02.22.2013 Sparklabs Viscosity Python Exec Local Privilege Escalation Exploit The setuid-set ViscosityHelper binary insecurely executes certain scripts and can be exploited to gain escalated privileges via symlink attacks. CVE-2012-4284 Exploits/Local Mac OS X
09.29.2009 Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
01.04.2012 Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) Update This update adds support to Microsoft Windows Vista and Microsoft Windows 2008. When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability by filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
03.03.2015 Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) Update When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. This update changes the module category from "Exploits/Tools" to "Exploits/Local". CVE-2014-1807 Exploits/Local Windows
10.28.2010 GNU Glibc ld.so ORIGIN Privilege Escalation Exploit Update The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. This update improves the module reliability. CVE-2010-3847 Exploits/Local Linux
12.14.2006 ProFTPD Controls Buffer Overflow Exploit The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
08.23.2010 Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) Update 2 This update adds support to Microsoft Windows Vista and Microsoft Windows 2008. This module exploits a vulnerability in win32k.sys when a "window" is created. CVE-2010-0485 Exploits/Local Windows
06.25.2013 Linux Kernel perf_swevent_init Privilege Escalation Exploit This module exploits a vulnerability in the Linux kernel. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. CVE-2013-2094 Exploits/Local Linux
09.15.2009 Apple Mac OS X HFS Plus Local Privilege Escalation Exploit XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler. This allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. CVE-2009-1235 Exploits/Local Mac OS X
06.15.2009 Linux Kernel UDEV Local Privilege Escalation Exploit The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. CVE-2009-1186 Exploits/Local Linux
12.03.2014 Linux Kernel libfutex Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command. CVE-2014-3153 Exploits/Local Linux
07.23.2008 Windows I2O Utility Filter Driver Privilege Escalation Exploit This module exploits a vulnerability in Windows I2O Utility Filter Driver when the 0x222F80 IOCTL in i2omgmt.sys is invoked with a specially crafted parameter. The IOCTL 0x222F80 handler in the i2omgmt.sys device driver in Windows I2O Utility Filter Driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters. CVE-2008-0322 Exploits/Local Windows
05.30.2012 Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 6 This update adds support to Microsoft Windows 2003 64 bits edition ( DoS ), Microsoft Windows Vista 64 bits edition ( DoS ), Microsoft Windows 2008 64 bits edition ( DoS ) and Microsoft Windows Seven 64 bits edition ( DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
07.01.2009 Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges. CVE-2008-1436 Exploits/Local Windows
01.04.2011 win32api update Update for win32api module which adds 2 new wrappers. Exploits/Local
02.18.2014 Linux Kernel CONFIG_X86_X32 Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in the Linux Kernel. The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace and allows a local attacker to escalate privileges. CVE-2014-0038 Exploits/Local Linux
08.06.2009 FreeBSD mount Local Privilege Escalation Exploit FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. CVE-2008-3531 Exploits/Local FreeBSD
05.19.2009 IBM Director CIM Server Privilege Escalation Exploit IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. CVE-2009-0880 Exploits/Local Windows
05.15.2008 Microsoft NtUserMessageCall Kernel Privilege Escalation Exploit (MS08-025) An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges. CVE-2008-1084 Exploits/Local Windows
11.09.2014 Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for x86-64 platforms. CVE-2014-4113 Exploits/Local Windows

Pages