The Latest Exploits Shipped to Core Impact 18.1

Summary of all the exploits and updates shipped to Core Impact 18.1 since its release on Feb 14th:

  • 14 Updates Overall
  • 3 Remote Exploits
  • 5 Client-Side Exploits
  • 3 Local Exploits
  • 3 Product Updates

Here is the list of published updates:

Remote Exploits:

  • Symantec Messaging Gateway performRestore OS Command Injection Exploit
  • IBM Informix Open Admin Tool SOAP welcomeServer PHP Remote Code Execution Exploit
  • CloudMe Sync Buffer Overflow Exploit

Client-Side Exploits:

  • ASX to MP3 converter ASX Buffer Overflow Exploit
  • Microsoft Office Equation Editor Memory Corruption Exploit (CVE-2018-0802) Update
  • Microsoft Office Memory Corruption Exploit (CVE-2017-11826) Update
  • Omron CX-Supervisor Project File Exploit
  • Sync Breeze Enterprise Import Command Buffer Overflow Exploit

Local Exploits:

  • Kingsoft Internet Security Local Privilege Escalation Exploit
  • Linux Kernel Dirty COW Race Condition Privilege Escalation Exploit Update
  • MalwareFox AntiMalware Privilege Escalation Exploit

Product Updates:

  • AV Evasion improvements
  • Meltdown Checker Update (CVE-2017-5154)
  • Spectre Checker (CVE-2017-5153)

Important Updates to Highlight:

The introduction of the Spectre Checker (associated with CVE-2017-5153) now enables Core Impact to find hosts that are likely to be susceptible to this kind of exploitation.

Significant AV evasion improvements have also shipped to Core Impact. These evasion updates apply to all agent generation operations, such as creating an agent (for example, with the “Package agent and register” module), and to every exploit (remote or local) that results in an agent being deployed. This makes the agents much more difficult for AV engines to detect, which can result in much more thorough and effective testing.