We're pleased to announce the official release of Core Impact Pro 2014 R2.3. More than 45 updates have been added thus far, and they are available through the regular update channel for all Core Impact customers. Several exploit modules have been released, including a remote attack for Kerberos, a remote exploit for the GHOST vulnerability (CVE-2015-0235), a couple of client-side exploits for Adobe Flash, some privilege escalation exploits for Windows systems, and an experimental module that leverages the POODLE vulnerability and allows man-in-the-middle attacks against vulnerable browsers and servers. In addition to the above, this release also includes:

  • 6 remote exploits, including 1 for the GHOST vulnerability and 1 for Fortinet Single Sign On
  • 14 client-side exploits, including 5 different modules that target Adobe Flash
  • 3 local exploits for Windows
  • 2 denial-of-service modules for Windows
  • Several general updates, including improvements to the antivirus evasion mechanism, pass-the-hash functionality and identity verifiers

Here is the complete list of published modules:

Remote Exploits

  • Exim Ghost Buffer Overflow Exploit
  • HP Network NNMi PMD Buffer Overflow Exploit
  • HP Data Protector Remote Command Execution Exploit
  • Kerberos Checksum Remote Privilege Escalation Exploit (MS14-068) Update
  • GE Proficy CIMPLICITY gefebt Remote Code Execution
  • Fortinet Single Sign On Windows AD Buffer Overflow Exploit

Client Side Exploits

  • Adobe Flash Player copyPixelsToByteArray Heap Buffer Overflow Exploit
  • Adobe Flash Player ByteArray UncompressViaZlibVariant Use-After-Free Exploit
  • Adobe Flash Player casi32 Integer Overflow Exploit
  • Adobe Flash Player PCRE regex Exploit
  • Adobe Flash Player shared ByteArray Use-After-Free Exploit
  • Schneider Electric VAMPSET Channel List Buffer Overflow Exploit
  • Schneider Electric VAMPSET ASCII Argument Heap Overflow Exploit
  • Schneider Electric ProClima MetaDraw ObjLinks Property Exploit
  • Schneider Electric Multiple Products DTM libraries Buffer Overflow Exploit
  • CorelDRAW Graphics Suite X7 Wintab32 DLL Hijacking Exploit
  • SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit
  • Webgate WESP SDK WESPMonitor Module Buffer Overflow Exploit
  • Amaya Web Browser BDO HTML TAG Buffer Overflow Exploit Update
  • Agilent Technologies Feature Extraction ActiveX Exploit

Local Exploits

  • Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070)
  • Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) Update
  • Windows Debugging Subsystem Exploit Update 2

Denial of Service

  • Trihedral VTScada Integer Overflow DoS
  • Microsoft Windows Win32k Cursor Object Double Free Vulnerability DoS (MS15-010)

Exploit Tools

  • POODLE TLS1.x to SSLv3 Downgrading Vulnerability Exploit
  • Microsoft Windows LNK Shortcut Automatic DLL Loading Exploit (MS15-020)
  • Drupal core SQL injection Exploit Update


  • Import Output from Tripwire
  • Import output from QualysGuard Update
  • Pass the Hash module Update
  • Fake Access Point Update
  • Client-Side Phishing Update
  • SMB Server Update
  • LibEgg process escape update
  • ClientSide Phishing Attack Update
  • Attack and Penetration using imported data Update
  • Windows Domain IG Wizard Update
  • Windows NTLM New Identity Update
  • Identity Verifier Update
  • Exploit Modules Maintenance
  • Setup Metasploit Integration Update
  • AV Evasion Improvements v2
  • CVE Database Update
  • Metasploit Framework CVE Update