Core-HQ-bldg-300x139

November efforts were mainly focused on delivering new exploits and updates to existing exploits and modules requested by customers while working on the release of CORE Impact 2014 R1. The main exploits & modules released during November are listed below:

Updates for November 2013 (excluding five maintenance updates) include:

Tools & Modules

Updated Retina importer now adding support for the latest version available
Updates for existing AV evasion techniques
Updated identity verifiers (mainly improving SMB and SMTP verifiers)

Remote Code Execution

HP System Management iprange Parameter Buffer Overflow Exploit

Zavio Camera NTP Server OS Command Injection Exploit

Client Side

Oracle Java ByteComponentRaster Memory Corruption Exploit

Microsoft Word TIFF Files Handling Memory Corruption Exploit

 

In addition to the above we also published a new advisory about Vivotek IP surveillance cameras (http://www.coresecurity.com/grid/advisories) that could be interesting for you.

 

Your feedback and questions are greatly appreciated. Please send us your questions and suggestions that will  help us develop an even better solution to you.

Flavio de Cristofaro – Vice President of Engineering for Professional Products