Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description CVE Link Exploit Platform Exploit Type
Adobe Flash Player PCRE regex Exploit This module exploits a compilation logic error in the PCRE engine in Adobe Flash Player. The handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary code execution of PCRE bytecode. Windows Exploits/Client Side
Adobe Flash Player Pixel Bender Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player in the flash.Display.Shader class when setting a Pixel Bender Filte as the Shader bytecode. This vulnerability has been found exploited in-the-wild during April 2014. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Flash Player ShaderJob Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Adobe Flash Player. The specific flaw exists when the "width" attribute of a ShaderJob is modified after starting the job allowing to an attacker to control the size of a destination buffer and the lenght of the copy operation. Windows Exploits/Client Side
Adobe Flash Player shared ByteArray Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The method ByteArray::clear does not notify the suscriber when frees the memory assigned to a ByteArray object leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This vulnerability was found exploited in the wild in February 2015. Windows Exploits/Client Side
Adobe Flash Player shared ByteArray Use-After-Free Exploit Update This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The method ByteArray::clear does not notify the suscriber when frees the memory assigned to a ByteArray object leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This vulnerability was found exploited in the wild in February 2015. This updates adds support for Windows 8 and 8.1. Windows Exploits/Client Side
Adobe Flash Player SharedObject Use-After-Free Exploit Adobe Flash Player is prone to a use-after-free vulnerability when finishing a Worker thread containing a SharedObject. This vulnerability can be exploited to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a web site containing a specially crafted SWF file. Windows Exploits/Client Side
Adobe Flash Player SWF Buffer Overflow Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. Windows Exploits/Client Side
Adobe Flash Player SWF Buffer Overflow Exploit Update This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This update adds support for Windows Vista. Windows Exploits/Client Side
Adobe Flash Player SWF Buffer Overflow Exploit Update 2 This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This update resolves an issue with how the exploit uses client side cookies. Windows Exploits/Client Side
Adobe Flash Player SWF Content Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Flash Player SWF Content Exploit Update This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. This update adds support for One Link Multiple Clientsides. Windows Exploits/Client Side
Adobe Flash Player SWF File Memory Corruption Exploit Adobe Flash Player is prone to a memory corruption vulnerability when parsing a specially crafted .SWF file, which can be exploited by remote attackers to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. This vulnerability has been found exploited in-the-wild during April 2011. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Flash Player SWF File Memory Corruption Exploit Update Adobe Flash Player is prone to a memory corruption vulnerability when parsing a specially crafted .SWF file, which can be exploited by remote attackers to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site. This vulnerability has been found exploited in-the-wild during April 2011. This update adds support for Windows Seven. Windows Exploits/Client Side
Adobe Flash Player SWF File Uninitialized Memory Exploit A vulnerability has been identified in Adobe Flash Player, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an uninitialized memory access triggered by a specially crafted .SWF file, which could be exploited by attackers to execute arbitrary code. This vulnerability has been found exploited in-the-wild during March 2011. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Flash Player SWF Load Crafted Module Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a SWF file and this load a crafted dll module. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Flash Player SWF Load Crafted Module Exploit Update This module exploits a vulnerability in Adobe Flash Player triggered when processing a SWF file and this load a crafted dll module. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This update improves the reliability of the exploit. Windows Exploits/Client Side
Adobe Flash Player SWF Load Crafted Module Exploit Update 2 This module exploits a vulnerability in Adobe Flash Player triggered when processing a SWF file and this load a crafted dll module. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This update improves the reliability of the exploit. Windows Exploits/Client Side
Adobe Flash Player Type Confusion Exploit This module exploits a type confusion vulnerability in Adobe Flash Player. This vulnerability has been found exploited in-the-wild during December 2013. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Flash Player Type Confusion Exploit Update This module exploits a type confusion vulnerability in Adobe Flash Player. This vulnerability has been found exploited in-the-wild during December 2013. This update improves module documentation, exploit code and adds more vulnerable Adobe Flash Player versions. Windows Exploits/Client Side
Adobe Flash Player _error Object Confusion Exploit This module exploits an object type confusion vulnerability in Adobe Flash Player. The specific error occurs due to the way Adobe Flash handles the AMF0 response (_error) when connecting to a malicious RTMP server. By supplying a crafted AMF0 response it is possible to execute arbitrary code in the context of the vulnerable application. Windows Exploits/Client Side
Adobe Flash Professional CS5 dwmapi DLL Hijacking Exploit Adobe Flash Professional CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .FLA file. Windows Exploits/Client Side
Adobe Illustrator CS4 aires DLL Hijacking Exploit Adobe Illustrator is prone to a vulnerability that may allow execution of aires.dll if this dll is located in the same folder than the .AIT file. Windows Exploits/Client Side
Adobe Illustrator CS4 Encapsulated Postscript Buffer Overflow Exploit Adobe Illustrator is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Specifically, overly long DSC comments in Encapsulated PostScript .EPS files may corrupt memory. Windows Exploits/Client Side
Adobe Illustrator CS5 dwmapi DLL Hijacking Exploit Adobe Illustrator CS5 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .AIT file. Windows Exploits/Client Side
Adobe InDesign CS4 dwmapi DLL Hijacking Exploit Adobe InDesign CS4 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .INX file. Windows Exploits/Client Side