Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort ascending Description Vulnerabilty Category Platform
DameWare Mini Remote Control Pre Auth Exploit This module exploits a vulnerability in the DameWare Mini Remote Control Service sending a specially crafted packet to the 6129/TCP port. CVE-2003-1030 Exploits/Remote Windows
Daemon Tools Lite mfc80loc DLL Hijacking Exploit Daemon Tools Lite is prone to a vulnerability that may allow execution of MFC80LOC.DLL if this dll is located in the same folder than .MDS file. NOCVE-9999-45004 Exploits/Client Side Windows
D-Link TFTP Transporting Mode Buffer Overflow Exploit D-Link TFTP Server 1.0 allows remote attackers to cause a buffer overflow via a long GET request, which triggers the vulnerability. CVE-2007-1435 Exploits/Remote Windows
Cytel StatXact Cytel Studio Buffer Overflow Exploit This module exploits a vulnerability in Cytel StatXact. The vulnerability is caused due to boundary error within the processing of .CY3 project files. This can be exploited to cause a stack-based buffer overflow when a specially crafted .CY3 file is opened. NOCVE-9999-49645 Exploits/Client Side Windows
Cytel LogXact Cytel Studio Buffer Overflow Exploit Cytel LogXact are vulnerable to a buffer overflow vulnerability during the copying of the strings in a stack buffer of 256 bytes. NOCVE-9999-49644 Exploits/Client Side Windows
CYME ChartFX Client Server ActiveX Control Exploit The vulnerability is caused due to an indexing error in the ShowPropertiesDialog()method inside the ChartFX.ClientServer.Core.dll ActiveX Control. This can be exploited to write a single byte value to an arbitrary memory location via the pageNumber parameter. NOCVE-9999-55501 Exploits/Client Side Windows
CyberLink Power2Go P2G Name Attribute Buffer Overflow Exploit A stack-based buffer overflow in CyberLink Power2Go allows an attacker to execute arbitrary code via an overly long name attribute in a .P2G file. NOCVE-9999-52040 Exploits/Client Side Windows
CyberLink Power2Go dwmapi DLL Hijacking Exploit Update CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file. NOCVE-9999-46014 Exploits/Client Side Windows
CyberLink Power2Go dwmapi DLL Hijacking Exploit CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file. NOCVE-9999-46014 Exploits/Client Side Windows
CyberLink Power Director dwmapi DLL Hijacking Exploit CyberLink Power Director is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PDL file. NOCVE-9999-46015 Exploits/Client Side Windows
CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit The CG6Service Service in CyberGhost has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process. NOCVE-9999-85362 Exploits/Local Windows
CVS pserver Directory Command Double free() Exploit Update By sending a malformed 'Directory' request it is possible to create a condition where free() is called on memory that is still in use. This can result in an exploitable condition when free() is called on the memory chunk a second time. The agent installed by this exploit runs with administrative privileges. This update improve the exploit reliability. CVE-2003-0015 Exploits/Remote Linux
CSRSS facename exploit Update 2 This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0551 Exploits/Local Windows
CSRSS facename exploit update This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update improve the exploit reliability in windows 2003. CVE-2005-0551 Exploits/Local Windows
CSRSS facename exploit This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. CVE-2005-0551 Exploits/Local Windows
Csound hetro File Handling Stack Buffer Overflow Exploit Buffer overflow in Csound exists when trying to import a malicious hetro file in tabular format. In order to achieve exploitation the user should import the malicious file through csound with a console command like: "csound -U het_import project.csd file.het". NOCVE-9999-53507 Exploits/Client Side Windows
Crystal Reports Viewer Activex Exploit The vulnerability is caused due to a boundary error in PrintControl.dll ActiveX control when processing the ServerResourceVersion property and can be exploited via an overly long string. CVE-2010-2590 Exploits/Client Side Windows
Creative Software AutoUpdate ActiveX Exploit Update This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This update add support till 2.0.12.0 version of CTSUEng.ocx. CVE-2008-0955 Exploits/Client Side Windows
Creative Software AutoUpdate ActiveX Exploit This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-0955 Exploits/Client Side Windows
CorelDRAW X3 crlrib DLL Hijacking Exploit CorelDRAW X3 is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CSL file. NOCVE-9999-45847 Exploits/Client Side Windows
CorelDRAW Graphics Suite X7 Wintab32 DLL Hijacking Exploit Untrusted search path vulnerability in CorelDRAW X7 17.1.0.572, Corel Photo-Paint X7 17.1.0.572, Corel PaintShop Pro X7 17.0.0.199, Corel Painter 2015 14.0.0.728, Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as an .cdr, .cpt, .pspimage, .rif or .pdf file. CVE-2014-8393 Exploits/Client Side Windows
CorelCAD Multiple DLL Hijacking Exploit Untrusted search path vulnerability in CorelCAD 2014.5 Build 14.4.51 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse FxManagedCommands_3.08_9.tx or TD_Mgd_3.08_9.dll that is located in the same folder as an .dwt file. CVE-2014-8394 Exploits/Client Side Windows
Corel VideoStudio Pro X7 and FastFlix u32ZLib DLL Hijacking Exploit Untrusted search path vulnerability in Corel VideoStudio Pro X7 17.0.0.249 and Corel FastFlix 17.0.0.249 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll that is located in the same folder as an .vsp or .vfp file. CVE-2014-8397 Exploits/Client Side Windows
Corel PHOTO-PAINT crlrib DLL Hijacking Exploit Corel PHOTO-PAINT is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CPT file. NOCVE-9999-45846 Exploits/Client Side Windows
Corel PDF Fusion XPS Processing Buffer Overflow Exploit Corel PDF Fusion is prone to a stack-based buffer overflow vulnerability when parsing long names in ZIP directory entries within an XPS file. CVE-2013-3248 Exploits/Client Side Windows
Corel PDF Fusion Quserex DLL Hijacking Exploit Untrusted search path vulnerability in Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as an .pdf file. CVE-2014-8396 Exploits/Client Side Windows
Corel PaintShop Pro X5 dwmapi DLL Insecure Library Loading Exploit Corel Paint Shop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file. CVE-2013-0733 Exploits/Client Side Windows
Corel Painter Wacommt DLL Hijacking Exploit Untrusted search path vulnerability in Corel Painter 2015 14.0.0.728 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll that is located in the same folder as an .rif file. CVE-2014-8395 Exploits/Client Side Windows
Corel Paint Shop Pro Photo Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of .PNG files and can be exploited to cause a stack-based buffer overflow via a specially crafted .PNG file. CVE-2007-2366 Exploits/Client Side Windows
Corel FastFlix Multiple DLL Hijacking Exploit Untrusted search path vulnerability in Corel FastFlix 17.0.0.249 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse igfxcmrt32.dll or ipl.dll or MSPStyleLib.dll or uFioUtil.dll or uhDSPlay.dll or uipl.dll or uvipl.dll or VC1DecDll.dll or VC1DecDll_SSE3.dll that is located in the same folder as an .vfp file. CVE-2014-8398 Exploits/Client Side Windows