Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Microsoft WINS Input Validation Exploit (MS11-070) Update This module adds support to Microsoft Windows 2008. This module exploits a vulnerability on Microsoft WINS service sending crafted UDP packets to the WINS-RPC local port. CVE-2011-1984 Exploits/Local Windows
Microsoft IIS MS08-006 Exploit update This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. This update adds support for 2003 Enterprise Sp1 and bypasses DEP in already supported platforms. CVE-2008-0075 Exploits/Local Windows
Windows Image Acquisition CmdLine exploit The Window Image Acquisition (WIA) Service in Microsoft Windows XP allows local users to gain privileges via a stack overflow when processing the bsCmdLine parameter of the IWiaDevMgr::RegisterEventCallbackProgram function. CVE-2007-0210 Exploits/Local Windows
Symantec Endpoint Manager PowerPoint Misaligned Stream-Cache Privilege Escalation Exploit The vulnerability resides in parsing crafted Microsoft PowerPoint documents and produces a buffer overflow in the stack, leading to a privilege escalation to System. CVE-2016-2209 Exploits/Local Windows
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-047) Update This update adds support to Impact 12.5 This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-1890 Exploits/Local Windows
Anti Keylogger Elite Privilege Escalation Exploit Update 2 This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges. This update improves the checks to verify whether the vulnerable application is installed or not. CVE-2008-5049 Exploits/Local Windows
Microsoft Windows MS-DOS Device Name Privilege Escalation Exploit(MS15-038) An elevation of privilege vulnerability exists when Windows kernel does not properly constrain impersonation levels. The vulnerability occurs because a user can place symlinks for the system drives in the per-login session device map and the kernel will follow them during impersonation. An attacker who successfully exploited this vulnerability may, for example, redirect a call to LoadLibrary, from a system service (when impersonating), to an arbitrary location. CVE-2015-1644 Exploits/Local Windows
VMware Shared Folders Directory Traversal Exploit This module exploits a vulnerability in VMware shared folders. CVE-2008-0923 Exploits/Local Windows
Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Exploit (MS16-098) This module exploits a vulnerability in win32k.sys by creating special Windows menues with crafted parameters. CVE-2016-3308 Exploits/Local Windows
Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges. CVE-2008-1436 Exploits/Local Windows
Xen Pygrub Command Injection exploit This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-1249 Exploits/Local Windows
Linux Kernel DCCP_PKT_REQUEST Privilege Escalation Exploit This module exploits a double-free vulnerability in the Linux Kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to escalate privileges via an application that makes an IPV6_RECVPKTINFO setsockopt system call. CVE-2017-6074 Exploits/Local Linux
Microsoft Windows Kernel NDProxy Vulnerability Exploit (MS14-002) This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module. Besides, this module adds support to Windows 2003 SP2 64 bits edition. CVE-2013-5065 Exploits/Local Windows
WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-3681 Exploits/Local Windows
Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 3 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update adds support to Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows 2012 (all 64 bit versions). CVE-2014-1767 Exploits/Local Windows
ProFTPD Controls Buffer Overflow Exploit The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to Windows 8 and Windows 2012. CVE-2015-2426 Exploits/Local Windows
Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. CVE-2014-4113 Exploits/Local Windows
Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
Microsoft IIS MS08-006 exploit This module exploits a stack buffer overflow vulnerability in Microsoft Internet Information Server 5.1 through 6.0. WARNING: This is an early release module. CVE-2008-0075 Exploits/Local Windows
CSRSS facename exploit Update 2 This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0551 Exploits/Local Windows
Linux ptrace x86_64 ia32syscall emulation exploit This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation functionality does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the %RAX register and escalate privileges. CVE-2007-4573 Exploits/Local Linux
Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. CVE-2011-2005 Exploits/Local Windows
TrueCrypt Privilege Escalation Exploit This module exploits a vulnerability in TrueCrypt 4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. This exploit mounts a temporary, especially crafted TrueCrypt volume in the /lib/tls directory and executes a setuid application to bypass security controls and execute an agent as root. CVE-2007-1738 Exploits/Local Linux
Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. CVE-2014-1807 Exploits/Local Windows
GNU ld.so Arbitrary Dlopen Privilege Escalation Exploit The GNU C dynamic linker (ld.so) is prone to a local privilege- escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. CVE-2010-3856 Exploits/Local Linux
Adobe Acrobat Reader armsvc Service Privilege Escalation Exploit Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106. CVE-2015-5090 Exploits/Local Windows
Linux Kernel Vmsplice() Privilege Escalation Exploit Exploits a missing verification of parameters within the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted vmsplice() system call, and allows an unprivileged process to elevate privileges to root. CVE-2008-0600 Exploits/Local Linux
Microsoft Windows Win32k Empty PFB File Exploit (MS16-151) This module exploits a vulnerability in win32k.sys by loading a Printer Font Metric (PFM) file associated to an empty Printer Font Binary (PFB) file. CVE-2016-7259 Exploits/Local Windows