We ended the month of July sharing discussion and analysis about the present and future of the security field with our customers, partners and fellow practitioners at Black Hat. We also had the opportunity of sharing and demoing the key components of our upcoming major release to hundreds of customers and security experts that joined us at our customer meetings and approached our booth at the show to dive into some of the new features we’ll be sharing with you soon.
All in all during July we published more than 20 new exploits (listed below) and other updates and new modules that were requested by our customers. Some of the new modules that you may want to take a look at are:
- The updated “DCE-RPC Endpoint Dumper” that introduce important performance improvements.
- The updated “Mitigation Report” that now allows you to track the evolution of not only vulnerabilities but also exposures.
- The Mimikatz importer that allows you to import your Mimikatz results into the CORE Impact “Identity Manager” functionality.
In addition to the above four new advisories were released as a results of our in-house research efforts available here http://www.coresecurity.com/grid/advisories.
Exploit updates for July 2013 (excluding maintenance updates and modules) include:
Remote Code Execution
HP Data Protector Cell Manager Opcode 259 Remote Code Execution Exploit
HP System Management Homepage ginkgosnmp.inc Command Injection Exploit
PHP Charts Remote Code Execution Exploit
Ultra Mini HTTPD Stack Buffer Overflow Exploit
GroundWork monarch_scan.cgi Remote Code Execution Exploit
MinaliC Webserver GET Buffer Overflow Exploit
PCMan FTP Server USER Command Buffer Overflow Exploit
Apple Quicktime Invalid Atom Length Buffer Overflow Exploit
Microsoft Silverlight Double Dereference Exploit (MS13-022)
XnView PSP Image Processing Buffer Overflow Exploit
Artweaver AWD File Processing Memory Corruption Exploit
Corel PDF Fusion XPS Processing Buffer Overflow Exploit
DJ Studio Pro SEH Overflow Exploit
WM Downloader M3U Buffer OverFlow Exploit
ERDAS ER Viewer rf_report_error Buffer Overflow Exploit
Adrenalin Player ASX Buffer Overflow Exploit
Adrenalin Player WAX Buffer Overflow Exploit
MediaCoder LST File Buffer Overflow Exploit
Local & DoS
Novell Client 2 NICM.SYS Privilege Escalation Exploit
OpenSSL DTLS ChangeCipherSpec DoS
Your feedback and questions are greatly appreciated. Please send us your questions and suggestions helping us to offer an even better solution to you.