Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description Date Added CVE Link Exploit Platform Exploit Type
IE VML buffer overflow exploit update 2 This module exploits a buffer overflow in the Microsoft Internet Explorer via a Stack-based buffer overflow in Microsoft Internet Explorer 6.0 allowing remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file. This update adds support for Lotus Notes. November 23, 2006 Windows Exploits/Client Side
Advantech WebAccess webvrpcs Service DrawSrv TagGroup Buffer Overflow Exploit The specific flaw exists within the implementation of the 0x280A IOCTL in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. March 3, 2016 Windows Exploits/Remote
Linux Overlayfs ovl_setattr Local Privilege Escalation Exploit This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. January 7, 2016 Linux Exploits/Local
Adobe Flash Player AVM2 Integer Underflow Exploit This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. May 4, 2014 Windows Exploits/Client Side
Oracle VirtualBox 3D Acceleration Virtual Machine Escape Exploit The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Guest operating system can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host operating system. March 12, 2014 Windows Exploits/Local
Microsoft Windows TrueType Font File Vulnerability DoS (MS12-075) This module causes a BSOD in Microsoft Windows when parsing a specially crafted .TTF font file. December 5, 2012 Windows Denial of Service/Local
Microsoft Office Word Property Buffer Overflow Exploit (MS06-038) A remote code execution vulnerability exists in Office, and could be exploited when a malformed property included in an Office file was parsed by any of the affected Office applications. September 22, 2010 Windows Exploits/Client Side
Microsoft Windows Tracing Registry Key ACL Privilege Escalation Exploit (MS10-059) An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability allows local attackers running code under an account with impersonation rights, like NETWORK SERVICE, to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. September 1, 2010 Windows Exploits/Local
Oracle Business Process Management Cross Site Scripting Exploit A cross site scripting vulnerability in the context parameter in webconsole/faces/jsf/tips.jsp. August 25, 2010 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
Microsoft Windows SMB Pool Overflow DoS (MS10-054) This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. It could allow an attacker to connect to a shared folder and send a specially crafted SMB message to an affected system exploiting the target and installing an agent. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. August 10, 2010 Windows Denial of Service/Remote
Windows Movie Maker MSWMM Buffer Overflow Exploit (MS10-016) Update This module exploits a heap-based buffer overflow in the Microsoft Windows Movie Maker application by sending a specially crafted .MSWMM file. This update adds support for Windows Movie Maker 2.6. July 15, 2010 Windows Exploits/Client Side
MoreAmp MAF File Buffer Overflow Exploit This module exploits an improper bound checking in MoreAmp when importing a MAF (song list) file. This causes a stack based overflow and allows code execution on the targeted system with the privileges of the user which is running the application. July 15, 2010 Windows Exploits/Client Side
TweakFS Zip Utility Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing archives containing an entry with an overly long name. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .ZIP file. June 14, 2010 Windows Exploits/Client Side
IBM Lotus Domino If-Modified-Since Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nHTTP.exe application, a component of Lotus Domino Server, by sending an HTTP request with an invalid value for the If-Modified-Since parameter. June 15, 2010 Windows Exploits/Remote
UnrealIRCd Backdoor Unauthorized Access Exploit This module exploits a remote command execution vulnerability found in UnrealIRCd by using an unauthorized backdoor. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. June 16, 2010 Solaris Exploits/Remote
RealNetworks Helix Server AgentX Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in AgentX++, as distributed with Helix Server, by sending multiple blocks of data to the port 705/TCP. May 4, 2010 Windows Exploits/Remote
Microsoft Windows Media Services Remote Exploit (MS10-025) Update This module exploits a remote buffer overflow in the Microsoft Windows Media Services by sending a specially crafted packet to the 1755/TCP port. This module also works against targets with the original MS10-025 update installed. April 26, 2010 Windows Exploits/Remote
RemoteExec REC File Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing RemoteExec Computers List files. This can be exploited to cause a stack-based buffer overflow via a ".rec" file having an overly long line. May 6, 2010 Windows Exploits/Client Side
One Link Multiple Clientsides Modules Update This update adds support for several additional ActiveX exploits. March 4, 2010 Windows Exploits/Client Side
Symantec Altiris Deployment Solution RunCmd Buffer Overflow Exploit This module exploits a vulnerability in the AeXNSConsoleUtilities.dll control included in the Symantec ConsoleUtilities application. The vulnerability is triggered when the RunCmd method processes a long string argument resulting in a stack-based buffer overflow. February 3, 2010 Windows Exploits/Client Side
Novell iPrint Client Date Time Parameter Buffer Overflow Exploit This module exploits a vulnerability in the ienipp.ocx control included in the Novell iPrint Client application. The exploit is triggered when the Date Time parameter processes a long string argument resulting in a stack-based buffer overflow. December 20, 2009 Windows Exploits/Client Side
Microsoft Internet Explorer Style Object Remote Code Execution Exploit This module exploits a vulnerability in Microsoft Internet Explorer when handling a specially crafted STYLE HTML tag when accessed via the document.getElementsByTagName JavaScript function. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. November 23, 2009 Windows Exploits/Client Side
Microsoft Windows GP Trap Handler Privilege Escalation Exploit Incorrect assumptions in the support code of legacy 16bit applications in Microsoft Windows operating systems allows local users to gain system privileges via the "NtVdmControl" system call. This module exploits the vulnerability and installs an agent with system privileges. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. January 19, 2010 Windows Exploits/Local
AlleyCode Optimizer Buffer Overflow Exploit Alleycode HTML Editor fails when optimizing certain malformed HTML pages,leading to a stack-based buffer overflow that can be exploited to execute arbitrary code. October 20, 2009 Windows Exploits/Client Side
Blender Embedded Script Exploit This module abuses the scripting functionality in Blender to trigger remote code execution via a blender file with an embedded python script. November 4, 2009 Windows Exploits/Client Side