Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort ascending Description Vulnerabilty Category Platform
CyberLink Power2Go dwmapi DLL Hijacking Exploit Update CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file. NOCVE-9999-46014 Exploits/Client Side Windows
CyberLink Power2Go dwmapi DLL Hijacking Exploit CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file. NOCVE-9999-46014 Exploits/Client Side Windows
CyberLink Power Director dwmapi DLL Hijacking Exploit CyberLink Power Director is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PDL file. NOCVE-9999-46015 Exploits/Client Side Windows
CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit The CG6Service Service in CyberGhost has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process. NOCVE-9999-85362 Exploits/Local Windows
CVS pserver Directory Command Double free() Exploit Update By sending a malformed 'Directory' request it is possible to create a condition where free() is called on memory that is still in use. This can result in an exploitable condition when free() is called on the memory chunk a second time. The agent installed by this exploit runs with administrative privileges. This update improve the exploit reliability. CVE-2003-0015 Exploits/Remote Linux
CSRSS facename exploit Update 2 This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target. CVE-2005-0551 Exploits/Local Windows
CSRSS facename exploit update This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. This update improve the exploit reliability in windows 2003. CVE-2005-0551 Exploits/Local Windows
CSRSS facename exploit This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process. Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. CVE-2005-0551 Exploits/Local Windows
Csound hetro File Handling Stack Buffer Overflow Exploit Buffer overflow in Csound exists when trying to import a malicious hetro file in tabular format. In order to achieve exploitation the user should import the malicious file through csound with a console command like: "csound -U het_import project.csd file.het". NOCVE-9999-53507 Exploits/Client Side Windows
Crystal Reports Viewer Activex Exploit The vulnerability is caused due to a boundary error in PrintControl.dll ActiveX control when processing the ServerResourceVersion property and can be exploited via an overly long string. CVE-2010-2590 Exploits/Client Side Windows
Creative Software AutoUpdate ActiveX Exploit Update This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This update add support till 2.0.12.0 version of CTSUEng.ocx. CVE-2008-0955 Exploits/Client Side Windows
Creative Software AutoUpdate ActiveX Exploit This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-0955 Exploits/Client Side Windows
CorelDRAW X3 crlrib DLL Hijacking Exploit CorelDRAW X3 is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CSL file. NOCVE-9999-45847 Exploits/Client Side Windows
CorelDRAW Graphics Suite X7 Wintab32 DLL Hijacking Exploit Untrusted search path vulnerability in CorelDRAW X7 17.1.0.572, Corel Photo-Paint X7 17.1.0.572, Corel PaintShop Pro X7 17.0.0.199, Corel Painter 2015 14.0.0.728, Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as an .cdr, .cpt, .pspimage, .rif or .pdf file. CVE-2014-8393 Exploits/Client Side Windows
CorelCAD Multiple DLL Hijacking Exploit Untrusted search path vulnerability in CorelCAD 2014.5 Build 14.4.51 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse FxManagedCommands_3.08_9.tx or TD_Mgd_3.08_9.dll that is located in the same folder as an .dwt file. CVE-2014-8394 Exploits/Client Side Windows
Corel VideoStudio Pro X7 and FastFlix u32ZLib DLL Hijacking Exploit Untrusted search path vulnerability in Corel VideoStudio Pro X7 17.0.0.249 and Corel FastFlix 17.0.0.249 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll that is located in the same folder as an .vsp or .vfp file. CVE-2014-8397 Exploits/Client Side Windows
Corel PHOTO-PAINT crlrib DLL Hijacking Exploit Corel PHOTO-PAINT is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CPT file. NOCVE-9999-45846 Exploits/Client Side Windows
Corel PDF Fusion XPS Processing Buffer Overflow Exploit Corel PDF Fusion is prone to a stack-based buffer overflow vulnerability when parsing long names in ZIP directory entries within an XPS file. CVE-2013-3248 Exploits/Client Side Windows
Corel PDF Fusion Quserex DLL Hijacking Exploit Untrusted search path vulnerability in Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as an .pdf file. CVE-2014-8396 Exploits/Client Side Windows
Corel PaintShop Pro X5 dwmapi DLL Insecure Library Loading Exploit Corel Paint Shop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file. CVE-2013-0733 Exploits/Client Side Windows
Corel Painter Wacommt DLL Hijacking Exploit Untrusted search path vulnerability in Corel Painter 2015 14.0.0.728 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll that is located in the same folder as an .rif file. CVE-2014-8395 Exploits/Client Side Windows
Corel Paint Shop Pro Photo Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of .PNG files and can be exploited to cause a stack-based buffer overflow via a specially crafted .PNG file. CVE-2007-2366 Exploits/Client Side Windows
Corel FastFlix Multiple DLL Hijacking Exploit Untrusted search path vulnerability in Corel FastFlix 17.0.0.249 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse igfxcmrt32.dll or ipl.dll or MSPStyleLib.dll or uFioUtil.dll or uhDSPlay.dll or uipl.dll or uvipl.dll or VC1DecDll.dll or VC1DecDll_SSE3.dll that is located in the same folder as an .vfp file. CVE-2014-8398 Exploits/Client Side Windows
Core Player M3U Playlist Buffer Overflow Exploit A Buffer Overflow exist in Core Player when parsing .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. NOCVE-9999-58790 Exploits/Client Side Windows
Coppermine picEditor Remote Code Execution Exploit The include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) (before 1.4.15), when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via a shell. CVE-2008-0506 Exploits/Remote Solaris, Mac OS X
CoolPlayer m3u playlist Exploit The vulnerability is caused due to boundary errors in CoolPlayer within the processing of M3U files. CoolPlayer fails to check the length of the string in M3U playlist archives, allowing an attacker to cause a stack overflow in order to execute arbitrary code. CVE-2006-6288 Exploits/Client Side Windows
Cool PDF Reader Buffer Overflow Exploit Cool PDF Reader is prone to a buffer-overflow when handling pdf documents with a specially crafted stream. CVE-2012-4914 Exploits/Client Side Windows
Control Microsystems ClearSCADA Remote DoS Update This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application. This Update increases the MAX TRIES default value because it has not been reliable. CVE-2011-3143 Denial of Service/Remote Windows
Control Microsystems ClearSCADA Remote DoS This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application. NOCVE-9999-47161 Denial of Service/Remote Windows
ConQuest DICOM Server Buffer Overflow Exploit The vulnerability is caused due to the usage of vulnerable collection of libraries that are part of DCMTK Toolkit, specifically the parser for the DICOM Upper Layer Protocol or DUL. Buffer overflow/underflow can be triggered when sending and processing wrong length of ACSE data structure received over the network by the DICOM Store-SCP service. NOCVE-9999-84105 Exploits/Remote Windows