Core-HQ-bldg-300x139

 

May was a busy month for our user support teams. While the Exploit and the L3 teams were working on the following DOT release (IMPACT 2013 R1.3), we shared more than 30 updates with our customers in May including exploits, modules and maintenance updates.

May efforts were mainly focused on delivering new exploits and improving our “Importers” and “Identity Manager” capabilities based on our customers’ feedback.

Updates for May 2013 (excluding five maintenance updates) include:

Remote Code Execution

Firebird SQL CNCT Remote Buffer Overflow Exploit

BigAnt IM Server DDNF Username Buffer Overflow Exploit

HP Intelligent Management Center mibFileUpload Servlet Remote Exploit

Schneider Electric Accutech Manager Heap Overflow Exploit

EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit

PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit

Light HTTP Daemon Buffer Overflow Exploit

EMC AlphaStor Library Control Program Buffer Overflow Exploit

SAP Netweaver Message Server _MsJ2EE_AddStatistics Memory Corruption Exploit

Novell ZENworks Mobile Management Remote Code Execution Exploit

 

Client Side

Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit

Microsoft Windows Win32k Font Parsing Vulnerability ClientSide DoS (MS13-036)

GlobalSCAPE CuteZIP Buffer Overflow Exploit

ERDAS ER Viewer ERM_convert_to_correct_webpath Buffer Overflow Exploit

Kingsoft Office wpsio Buffer Overflow Exploit

Oracle Java Font Handling Code Execution Exploit

IBM SPSS SamplePower C1sizer ActiveX Control Buffer Overflow Exploit

 

Local & DoS

Microsoft Windows Win32k Divide Error Exception DoS (MS13-046)

Wireshark DRDA Dissector DoS

Microsoft Windows Win32k Buffer Overflow Exploit (MS13-046)

 

In addition to the above we also published several advisories related to major bugs found in surveillance devices that were highly discussed by the security community.

Finally we shared a guide on how to start using CORE CloudCypher that we recommend you to read and get the most out of CORE Impact.

Your feedback and questions are greatly appreciated.  Please send us your questions and suggestions that help us improve Impact for you. Learn more about penetration testing. 

Flavio de Cristofaro – Vice President of Engineering for Professional Products