Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Symantec Endpoint Manager PowerPoint Misaligned Stream-Cache Privilege Escalation Exploit The vulnerability resides in parsing crafted Microsoft PowerPoint documents and produces a buffer overflow in the stack, leading to a privilege escalation to System. CVE-2016-2209 Exploits/Local Windows
Symantec Veritas VRTSweb Privilege Escalation Exploit Update This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port, allowing local users to gain elevated privileges. This update adds support for Windows 2008. CVE-2009-3027 Exploits/Local Windows
Linux mem_write Local Privilege Escalation Due to insuficient checks when accessing the memory of a process vi /proc/PID/mem the linux kernel is prone to a privilige escalation. CVE-2012-0056 Exploits/Local Linux
Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. CVE-2013-5065 Exploits/Local Windows
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-4398 Exploits/Local Windows
Linux apport Race Condition Privilege Escalation Exploit This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges. CVE-2015-1325 Exploits/Local Linux
Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Exploit (MS16-098) This module exploits a vulnerability in win32k.sys by creating special Windows menues with crafted parameters. CVE-2016-3308 Exploits/Local Windows
Linux ptrace x86_64 ia32syscall emulation exploit This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation functionality does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the %RAX register and escalate privileges. CVE-2007-4573 Exploits/Local Linux
Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit Update (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-2005 Exploits/Local Windows
Microsoft Windows On-Screen Keyboard Mouse Input Privilege Escalation Exploit (MS14-039) The On-Screen Keyboard application of Microsoft Windows is prone to a privilege escalation vulnerability when handling mouse input originated from a process running with Low Integrity Level. This vulnerability allows an agent running with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-2781 Exploits/Local Windows
Linux Kernel Vmsplice() Privilege Escalation Exploit Exploits a missing verification of parameters within the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted vmsplice() system call, and allows an unprivileged process to elevate privileges to root. CVE-2008-0600 Exploits/Local Linux
AIX Setlocale Function Local Privilege Escalation Exploit The AIX Setlocale Function is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete compromise of the affected computer. CVE-2006-4254 Exploits/Local AIX
Adobe Reader X AdobeCollabSync Buffer Overflow Sandbox Bypass Exploit Update This module allows an agent running in the context of AcroRd32.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. This update fixes an issue related to highlight preconditions when running against x86-64 targets. CVE-2013-2730 Exploits/Local Windows
Apple Mac OS X HFS Plus Local Privilege Escalation Exploit XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler. This allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. CVE-2009-1235 Exploits/Local Mac OS X
Linux Kernel Sock_Sendpage Local Privilege Escalation Exploit Update The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. This update adds the 'one-shot' tag to the XML of the module. CVE-2009-2692 Exploits/Local Linux
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) This module exploits a vulnerability in win32k.sys when a "window" is created. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0485 Exploits/Local Windows
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. This update adds support for Windows Vista and Windows Server 2008. CVE-2010-4398 Exploits/Local Windows
VMware Shared Folders Directory Traversal Exploit This module exploits a vulnerability in VMware shared folders. CVE-2008-0923 Exploits/Local Windows
ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-5724 Exploits/Local Windows
FreeBSD NFS Client Privilege Escalation Exploit The NFS client subsystem in FreeBSD fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted. This may cause a kernel stack overflow that can be exploited by local users to gain root privileges. CVE-2010-2020 Exploits/Local FreeBSD
FreeBSD mmap ptrace Privilege Escalation Exploit This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. CVE-2013-2171 Exploits/Local FreeBSD
WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2007-3681 Exploits/Local Windows
Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055) An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-4015 Exploits/Local Windows
Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
Novell Client 2 NICM.SYS Privilege Escalation Exploit This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests. CVE-2013-3956 Exploits/Local Windows
PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. CVE-2010-0832 Exploits/Local Linux
Microsoft Windows MQAC.sys Arbitrary Write Local Privilege Escalation Exploit The MQ Access Control Driver (mqac.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x1965020F) to the vulnerable driver. CVE-2014-4971 Exploits/Local Windows
FreeBSD Kernel Protosw Privilege Escalation Exploit The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail. CVE-2008-5736 Exploits/Local FreeBSD
Linux vixie-cron exploit do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf CVE-2006-2607 Exploits/Local Linux