November efforts were mainly focused on delivering new exploits and updates to existing exploits and modules requested by customers while working on the release of CORE Impact 2014 R1. The main exploits & modules released during November are listed below:
Updates for November 2013 (excluding five maintenance updates) include:
Tools & Modules
Updated Retina importer now adding support for the latest version available
Updates for existing AV evasion techniques
Updated identity verifiers (mainly improving SMB and SMTP verifiers)
Remote Code Execution
HP System Management iprange Parameter Buffer Overflow Exploit
Zavio Camera NTP Server OS Command Injection Exploit
Oracle Java ByteComponentRaster Memory Corruption Exploit
Microsoft Word TIFF Files Handling Memory Corruption Exploit
In addition to the above we also published a new advisory about Vivotek IP surveillance cameras (http://www.coresecurity.com/grid/advisories) that could be interesting for you.
Your feedback and questions are greatly appreciated. Please send us your questions and suggestions that will help us develop an even better solution to you.
Flavio de Cristofaro – Vice President of Engineering for Professional Products