We're in the final month prior to the release of v12.5 of CORE Impact Professional (due to release in the middle of September), and as you can imagine, every department within Core has been working hard to make sure this release lives up to the high standards we have set and maintained with previous releases of Impact. From the large engineering team and the dedicated QA team to the System Engineers and Customer Support Engineers, everyone has participated in building and testing this release to make sure it provides the value our customers need and have come to expect.

But despite this effort on the next release, we retained our focus on releasing exploits and updates for v12.3, with a total of 22 updates for Impact including, of course, a commercial-grade exploit for the infamous Java zero day.

Updates for August 2012 (excluding maintenance updates)

Remote Code Execution

ALLMediaServer Buffer Overflow Exploit
Conficker Detector Exploit (Update)
Interactive Graphical SCADA System Command Injection Exploit
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow Exploit
Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit

Client Side

Apple QuickTime QTVR QTVRStringAtom Buffer Overflow Exploit (Update)
Csound hetro File Handling Stack Buffer Overflow Exploit
IBM Lotus iNotes ActiveX Control Buffer Overflow Exploit
IBM Lotus Quickr qp2.cab ActiveX Control Buffer Overflow Exploit
Microsoft Visio Viewer DXF File Buffer Overflow Exploit (MS12-059)
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow Exploit
Oracle Java Beans Statement Remote Code Execution Exploit
Oracle Java Beans Statement Remote Code Execution Exploit Update
Oracle Java Field Access Bytecode Verifier Cache Remote Code Execution Exploit
Xenorate XPL File Buffer Overflow Exploit

Privilege Escalation

FreeBSD NFS Client Privilege Escalation Exploit
Linux Kernel compat_alloc_user_space Privilege Escalation Exploit
Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit

And we updated the MySQL Authentication Bypass Detector module, which connects to a MySQL server in order to determine if it's vulnerable to the memcmp authentication bypass. The server assumes that the return value of a memcmp function is just one byte in length, but on certain platforms it can return a larger number, leading to an authentication bypass scenario.

Alex Horan, Senior Product Manager
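
The one-byte assumption described in the MySQL Authentication Bypass Detector paragraph above, shown as an added C example beside a corrected check. This is not code from the original post, from Impact or from MySQL: `wide_cmp` is a hypothetical stand-in for a platform `memcmp` whose result does not fit in one byte, and the token bytes are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char u8;
typedef int (*cmp_fn)(const void *, const void *, size_t);
typedef u8 (*check_fn)(const u8 *, const u8 *, size_t, cmp_fn);

/* Hypothetical stand-in for a platform memcmp(): compares 16-bit big-endian
 * words and returns their difference (n must be even). The C standard fixes
 * only the sign of memcmp()'s result, not its magnitude. */
static int wide_cmp(const void *a, const void *b, size_t n) {
    const u8 *x = a, *y = b;
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wx = (x[i] << 8) | x[i + 1], wy = (y[i] << 8) | y[i + 1];
        if (wx != wy) return wx - wy;
    }
    return 0;
}

/* Flawed: the int is narrowed to one byte, so a multiple of 256 becomes 0. */
static u8 mismatch_truncated(const u8 *want, const u8 *got, size_t n, cmp_fn cmp) {
    return (u8)cmp(want, got, n);
}

/* Corrected: reduce the result to 0 or 1 before it is narrowed. */
static u8 mismatch_fixed(const u8 *want, const u8 *got, size_t n, cmp_fn cmp) {
    return cmp(want, got, n) != 0;
}

/* Regression check: set one byte of a constructed token to every wrong value
 * and count how often the check reports "no mismatch" anyway. */
static int false_accepts(check_fn check, size_t pos) {
    const u8 want[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};
    u8 got[8];
    int accepted = 0;
    for (int v = 0; v < 256; v++) {
        memcpy(got, want, sizeof got);
        got[pos] = (u8)v;
        if (v != want[pos] && check(want, got, sizeof got, wide_cmp) == 0)
            accepted++;
    }
    return accepted;
}

int main(void) {
    printf("false accepts: truncated=%d fixed=%d\n",
           false_accepts(mismatch_truncated, 0), false_accepts(mismatch_fixed, 0));
    return 0;
}
```

With this stand-in, a wrong byte in the high half of a word always yields a multiple of 256, which is why the truncated check accepts it; a real platform `memcmp` would produce such values only some of the time.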