Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 2 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update adds support to Impact 2014 R2. CVE-2014-1767 Exploits/Local Windows
Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. CVE-2012-3524 Exploits/Local Linux
Microsoft Windows MiCreatePagingFileMap DoS (MS09-058) This module exploits a vulnerability in Microsoft Windows via a specially crafted call to the vulnerable function. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-2515 Exploits/Local Windows
FreeBSD Sysret Instruction Privilege Escalation Exploit On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local FreeBSD
Microsoft Windows Kernel ATMFD Font Vulnerability Exploit This module exploits a vulnerability in atmfd.sys module by loading a crafted OTF font. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-73027 Exploits/Local Windows
Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
Oracle VirtualBox Guest Additions Arbitrary Write Local Privilege Escalation Exploit The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS. CVE-2014-2477 Exploits/Local Windows
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 2 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 64 bits and "Windows 2012" R2 by using a kernel memory leak (CVE-2015-2433). Besides, this updates improves AV evasion. CVE-2015-2426 Exploits/Local Windows
Trend Micro InterScan Web Security Suite Privilege Escalation Exploit This module exploits a local vulnerability in Trend Micro IWSS to gain elevated privileges on the affected computer. NOCVE-9999-50131 Exploits/Local Solaris, Linux
Linux Kernel UDEV Local Privilege Escalation Exploit The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. CVE-2009-1186 Exploits/Local Linux
Oracle VirtualBox VBoxSF.sys IOCTL_MRX_VBOX_DELCONN Privilege Escalation Exploit The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. CVE-2014-0405 Exploits/Local Windows
GNU Glibc ld.so ORIGIN Privilege Escalation Exploit The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3847 Exploits/Local Linux
Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges. CVE-2008-1436 Exploits/Local Windows
Linux Kernel x86_64 Ptrace Sysret Privilege Escalation Exploit On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed. A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities. This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system. CVE-2014-4699 Exploits/Local Linux
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 3 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433). CVE-2015-2426 Exploits/Local Windows
Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 4 This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters. This update improves the exploit reliability when 64-bit targets have more than 4GB of RAM memory. CVE-2014-1767 Exploits/Local Windows
Trend Micro Titanium Maximum Security TMTDI.SYS Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Trend Micro Titanium Maximum Security tmtdi.sys driver. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-45910 Exploits/Local Windows
Microsoft Windows Font Library File Buffer Overrun Vulnerability Exploit (MS11-077) When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow. This module exploits this vulnerability filling the kernel memory via heap spraying and building a fake chunk header. CVE-2011-2003 Exploits/Local Windows
Microsoft Windows SMB Credential Reflection Exploit (MS08-068) This module implements the SMB Relay attack to install an agent in the target machine. CVE-2008-4037 Exploits/Local Windows
Linux Kernel join_session_keyring Reference Counting Privilege Escalation Exploit The join_session_keyring() function in security/keys/process_keys.c in the Linux kernel is prone to a reference counter overflow that occurs when a process repeatedly tries to join an already existing keyring. This vulnerability can be leveraged by local unprivileged attackers to gain root privileges on the affected systems. CVE-2016-0728 Exploits/Local Linux
Microsoft .NET Runtime Optimization Service Privilege Escalation Exploit The .NET Runtime Optimization Service, part of the .NET Framework, is prone to a privilege escalation vulnerability, which can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. NOCVE-9999-47471 Exploits/Local Windows
FreeBSD mount Local Privilege Escalation Exploit FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. CVE-2008-3531 Exploits/Local FreeBSD
Microsoft Windows MS-DOS Device Name Privilege Escalation Exploit(MS15-038) An elevation of privilege vulnerability exists when Windows kernel does not properly constrain impersonation levels. The vulnerability occurs because a user can place symlinks for the system drives in the per-login session device map and the kernel will follow them during impersonation. An attacker who successfully exploited this vulnerability may, for example, redirect a call to LoadLibrary, from a system service (when impersonating), to an arbitrary location. CVE-2015-1644 Exploits/Local Windows
Windows Image Acquisition CmdLine exploit The Window Image Acquisition (WIA) Service in Microsoft Windows XP allows local users to gain privileges via a stack overflow when processing the bsCmdLine parameter of the IWiaDevMgr::RegisterEventCallbackProgram function. CVE-2007-0210 Exploits/Local Windows
Microsoft Internet Explorer XBAP Protected Mode Bypass Privilege Escalation Exploit The Protected Mode feature of Microsoft Internet Explorer can be bypassed by running an XBAP application from the local filesystem. This module allows an agent running with Low Integrity Level to install a new agent that will run with Medium Integrity Level. NOCVE-9999-49066 Exploits/Local Windows
Linux X.org MIT-SHM Extension Privilege Escalation Exploit This module exploits a integer overflow condition on local X.org servers with MIT-SHM extension activated. CVE-2007-6429 Exploits/Local Linux
Microsoft Windows Win32k SetParent Null Pointer Dereference Exploit (MS15-135) This module exploits a vulnerability in win32k.sys by calling to SetParent function with crafted parameters. CVE-2015-6171 Exploits/Local Windows
QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. CVE-2015-3456 Exploits/Local Linux
Sudoedit Privilege Escalation Exploit Update This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root. This update adds OSX 10.6 (Snow Leopard) as supported target. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS10-073) Update This update adds support to Microsoft Windows 7. This module exploits a vulnerability on "win32k.sys" when a keyboard layout is loaded by the kernel. CVE-2010-2743 Exploits/Local Windows