You would have thought that after releasing Impact v12.3 and all the great new features and capabilities we would have taken a bit of a rest. However, patch Tuesday and other events kept occurring and there were too many good exploits for us to write and release.

This month included 20 new Client Side exploits, 6 new Remote Code Execution exploits and a privilege escalation attack. As well as 4 updates to existing exploits and 8 maintenance updates

In fact by the end of May we had released over 140 updates to IMPACT Pro, putting us on track for another record year of updates. And that number  doesn’t take into account all the new functionality, modules and reports included in v12.3!

Spirits are high here at Core, we just finished a successful customer road show on the east coast and we have started planning for Black Hat. I always enjoy the chance to speak to so many of our customers in one spot, and spend time with them and industry leaders talking about the challenges the next few years will hold for the security industry.

Updates for May 2012 (excluding Maintenance updates):

Remote Code Execution

  • PHP-CGI Argument Injection Exploit
  • ABB Robot Communications Runtime Buffer Overflow Exploit
  • CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit
  • CA Total Defense UNCWS Web Service deleteReportFilter  Remote Code Execution Exploit
  • SAP Netweaver DiagTraceR3Info Remote Buffer Overflow Exploit
  • LANDesk Lenovo ThinkManagement Console Remote Command Execution Exploit

Client Side

  • MPlayer SAMI Subtitle File Buffer Overflow Exploit
  • Quest InTrust AnnotateX ActiveX Exploit
  • Microsoft Windows MSCOMCTL Exploit (MS12-027) Update
  • TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow Exploit
  • OpenKM scripting Command Injection Exploit
  • Shadow Stream Recorder Buffer Overflow Exploit
  • Dell Webcam CrazyTalk4Native.dll ActiveX Buffer Overflow Exploit
  • ASUS Net4Switch ipswcom ActiveX Buffer Overflow Exploit
  • Microsoft Windows OLE Property Code Execution Exploit (MS11-093)
  • VLC MMS Stream Handling Buffer Overflow Exploit
  • Citrix Gateway ActiveX Nsepa Buffer Overflow Exploit
  • IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet ActiveX Control Buffer Overflow Exploit
  • Oracle Outside In sccfut dll Buffer Overflow Exploit
  • McAfee Virtual Technician MVTControl ActiveX Exploit
  • HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Exploit
  • ispVM System XCF File Processing Buffer Overflow Exploit
  • 3D Life Player WebPlayer ActiveX Buffer Overflow Exploit
  • PAC-Designer File Processing Buffer Overflow Exploit
  • NET-i Viewer CNC Ctrl dll ActiveX BackupToAvi() Buffer Overflow Exploit
  • CyberLink Power2Go P2G Name Attribute Buffer Overflow Exploit

Privilege Escalation

  • Linux Sing Log Injection Local Exploit

 

- Alex Horan, Senior Product Manager