Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description CVE Link Exploit Platform Exploit Type
Adobe Device Central CS5 dwmapi DLL Hijacking Exploit Adobe Device Central CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .ADCP file. Windows Exploits/Client Side
Adobe Dreamweaver CS5 dwmapi DLL Hijacking Exploit Adobe Dreamweaver CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .DWT file. Windows Exploits/Client Side
Adobe ExtendScript Toolkit dwmapi DLL Hijacking Exploit Adobe ExtendScript Toolkit is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .JSX file. Windows Exploits/Client Side
Adobe Extension Manager CS5 dwmapi DLL Hijacking Exploit Adobe Extension Manager CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .MXI file. Windows Exploits/Client Side
Adobe Flash Player ActiveX SWF Memory Corruption Exploit This module exploits a memory corruption vulnerability in Adobe Flash Player when parsing a specially crafted .SWF file, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. Windows Exploits/Client Side
Adobe Flash Player Arguments Indexing Exploit Flash Player is prone to a memory corruption vulnerability that is caused by the lack of bounds-checking when indexing the arguments of a function. This can be exploited to execute arbitrary code by enticing an unsuspecting user to visit a malicious Web page containing a specially crafted SWF file. This exploit bypasses ASLR and DEP in order to deploy an agent. Windows Exploits/Client Side
Adobe Flash Player AS2 NetConnection Type Confusion Exploit This module exploits a Type Confusion vulnerability in Adobe Flash Player. The specific flaw exist in the ActionScript 2 NetConnection class. When a NetConnection method is called with a parameter that is a native function object, its native data can be specified as a Number by the caller, but be interpreted as a pointer. This allows to overwrite different objects like vectors and finally accomplish remote code execution. Windows Exploits/Client Side
Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability was one of the 2015's Pwn2Own challenges. Windows Exploits/Client Side
Adobe Flash Player AS3 Function.apply Integer Overflow Exploit This module exploits an integer overflow vulnerability in Adobe Flash Player. The signed integer overflow exists inside the AS3 Function.apply() method and allows an attacker to take control of a vulnearble target and execute arbitrary code. Windows Exploits/Client Side
Adobe Flash Player AVM2 Integer Underflow Exploit This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Flash Player AVM2 Integer Underflow Exploit Update This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. This update adds support for Windows 7 x64, Windows Server 2008 x64 and Windows Server 2008 R2 x64. Windows Exploits/Client Side
Adobe Flash Player ByteArray UncompressViaZlibVariant Use-After-Free Exploit Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. Windows Exploits/Client Side
Adobe Flash Player ByteArray UncompressViaZlibVariant Use-After-Free Exploit Update Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This update adds support for Windows 8 and Windows 8.1. Windows Exploits/Client Side
Adobe Flash Player ByteArray valueOf Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. This vulnerability was found on the HackingTeam's leak on July 2015. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Flash Player ByteArray write method Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists when the suscriber is not notified if a ByteArray assigned to the ApplicationDomain is freed from an ActionScript worker. By forcing a reallocation by copying more contents than the original capacity to the shared buffer by using the ByteArray::writeBytes method call, the ApplicationDomain pointer is not updated leading to a use-after-free vulnerability. This allows to overwrite different objects like vectors and finally accomplish remote code execution. Windows Exploits/Client Side
Adobe Flash Player casi32 Integer Overflow Exploit This module exploits an integer overflow in Adobe Flash Player. The specific flaw exists within the implementation of casi32. The issue lies in the failure to properly sanitize a user-supplied length value with a specific array implementation. An attacker can leverage this vulnerability to execute code within the context of the current process. Windows Exploits/Client Side
Adobe Flash Player Content Processing Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Flash Player copyPixelsToByteArray Heap Buffer Overflow Exploit This module exploits a heap-based buffer overflow in Adobe Flash Player. The bug is triggered by calling BitmapData.copyPixelsToByteArray() with a reference to a ByteArray that has its position property set very large, close to 2^32. This results in an integer overflow in 32-bit arithmetic and allows an attacker to take control of the target machine. Windows Exploits/Client Side
Adobe Flash Player Drawing Fill Shader Memory Corruption Exploit This module exploits a memory corruption vulnerability in Adobe Flash Player. The specific flaw exists when a Shader is applied as a drawing fill allowing an attacker to take control of a vulnerable machine and execute arbitrary code. This vulnerability was found exploited in the wild on June 2015. Windows Exploits/Client Side
Adobe Flash Player FLV Nellymoser Decoding Heap Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution. Windows Exploits/Client Side
Adobe Flash Player FLV Parsing Memory Corruption Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution. This vulnerability has been found exploited in the wild in June 2015 in the Operation Clandestine Wolf campaign. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Flash Player Linux Command Injection Exploit This module exploits a command injection in Adobe Flash Player triggered when processing a specially crafted SWF file. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit needs the product Adobe Air (Any version) installed on the vulnerable system. Linux Exploits/Client Side
Adobe Flash Player MP4 cprt Buffer Overflow Exploit A memory corruption vulnerability in Adobe Flash Player allows attackers to execute arbitrary code sending a crafted MP4 file. Windows Exploits/Client Side
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow Exploit A buffer overflow vulnerability when handling MP4 files that lead to code execution. Windows Exploits/Client Side
Adobe Flash Player opaqueBackground property Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw is in the opaqueBackground property within the setter of the flash.display.DisplayObject class. This vulnerability was found in the HackingTeam's leak on July 2015. ARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side