We are pleased to announce the official release of Core Impact Pro 2014 R2.5 today, August 3. More than 25 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. This will be the last 'dot release' for 2014 R2 as in a couple of days we will be releasing new major version 2015 R1. So stay tuned!

During this release we've published 9 (!) client-side exploits for Adobe Flash Player, which sets the total number of exploits for Flash to a staggering 31, making it the second most-targeted application by IMPACT exploits (Microsoft Internet Explorer being the most targeted one). We also developed a module that checks for a couple of cryptographic attacks such as Logjam and FREAK. Lastly, IBM AppScan Rational and Tripwire IP360 importers were updated to support newer versions of the products. Here is the complete list of published modules:

Remote Exploits

IBM Lotus Domino LDAP ModifyRequest Add Exploit Zimbra Collaboration Server skin Local File Include Exploit

Client Side Exploits

Adobe Flash Player AS2 NetConnection Type Confusion Exploit Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Exploit Adobe Flash Player ByteArray valueOf Use-After-Free Exploit Adobe Flash Player ByteArray write method Use-After-Free Exploit Adobe Flash Player Drawing Fill Shader Memory Corruption Exploit Adobe Flash Player FLV Nellymoser Decoding Heap Buffer Overflow Exploit Adobe Flash Player FLV Parsing Memory Corruption Exploit Adobe Flash Player ShaderJob Buffer Overflow Exploit Adobe Flash Player opaqueBackground property Use-After-Free Exploit

Local Exploits

Linux Overlayfs Local Privilege Escalation Exploit Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 4 Microsoft Windows Kernel ATMFD Font Vulnerability Exploit Microsoft Windows Kernel Use After Free Vulnerability Exploit (MS15-061) Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) VMware Workstation Printer Escape Vulnerability Exploit

Information Gathering

Detect FREAK SSL Ciphers Update Detect Vulnerable SSL Ciphers


Import Output from IBM Rational AppScan Update Import Output from Tripwire Update Package Agent in VBA Script Update CVE Database Update Supported services list update