Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
IIS ASP Server-Side Include exploit update This update improves the reliability of the 'ISS ASP Server-Side Include exploit'. The module exploits a buffer overflow vulnerability in the SSINC.DLL file used by Microsoft IIS 5.0. The exploit is triggered by including long enough filenames in any ASP file. CVE-2002-0149 Exploits/Local Windows
Symantec Veritas VRTSweb Privilege Escalation Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. That can be exploited by local users to gain elevated privileges. CVE-2009-3027 Exploits/Local Windows
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-4398 Exploits/Local Windows
Apple Mac OS X XPC Entitlements Local Privilege Escalation Exploit The Admin framework in Apple OS X contains a hidden backdoor API to gain root privileges. A local user can exploit this flaw in the checking of XPC entitlements. CVE-2015-1130 Exploits/Local Mac OS X
FortiClient Weak IOCTL mdare Driver Local Privilege Escalation Exploit FortiClient is prone to a privilege-escalation vulnerability that affects mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, mdare64_52.sys and Fortishield.sys drivers. All these drivers expose an API to manage processes and the windows registry, for instance, the IOCTL 0x2220c8 of the mdareXX_XX.sys driver returns a full privileged handle to a given process PID. In particular, this same function is replicated inside Fortishield.sys. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of any selected process. This module uses the previous vulnerability to inject an agent inside lsass.exe process. CVE-2015-5737 Exploits/Local Windows
Linux fusermount Environment Variable Privilege Escalation Exploit The 'fusermount' binary, part of the FUSE system in Linux, executes the /bin/mount binary with ruid set to 0 without clearing the environment variables provided by unprivileged users. This flaw can be leveraged by local unprivileged users to gain root privileges by leveraging the functionality provided by the LIBMOUNT_MTAB environment variable to overwrite an arbitrary file on the affected system. CVE-2015-3202 Exploits/Local Linux
Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-066) This module exploits a vulnerability in Windows Ancillary function driver when the 0x1203F IOCTL in afd.sys is invoked with a specially crafted parameter. The IOCTL 0x1203F handler in the afd.sys function driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-3464 Exploits/Local none
Linux Sing Log Injection Local Exploit SING is prone to a local privilege-escalation vulnerability, that allows an unprivileged process to elevate privileges to root. CVE-2007-6211 Exploits/Local Linux
Linux Kernel n_tty_write Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. CVE-2014-0196 Exploits/Local Linux
CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit The CG6Service Service in CyberGhost has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process. NOCVE-9999-85362 Exploits/Local Windows
ProFTPD Controls Buffer Overflow Exploit update The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. This update adds support for Windows Vista and Windows Server 2008. CVE-2010-4398 Exploits/Local Windows
Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
Symantec Endpoint Protection Kernel Pool Overflow Privilege Escalation Exploit Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. CVE-2014-3434 Exploits/Local Windows
Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit Update (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-2005 Exploits/Local Windows
Microsoft Windows Win32k NULL Page Vulnerability Exploit (MS13-081) This module exploits a vulnerability in "win32k.sys" by calling to the "TrackPopupMenuEx" function. CVE-2013-3881 Exploits/Local Windows
Panda Internet Security RKPavProc.sys Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in Panda Internet Security RKPavProc.sys driver when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-44499 Exploits/Local Windows
Linux X.org MIT-SHM Extension Privilege Escalation Exploit This module exploits a integer overflow condition on local X.org servers with MIT-SHM extension activated. CVE-2007-6429 Exploits/Local Linux
Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
Windows Debugging Subsystem Exploit Update There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running. With this handle an agent is injected in a SYSTEM process. The update fixes an issue using Import * CVE-2002-0367 Exploits/Local Windows
Linux Kernel udp_sendmsg Privilege Escalation Exploit This module exploits a vulnerability in the udp_sendmsg function in the UDP implementation in net/ipv4/udp.c and net/ipv6/udp.c in the Linux kernel before 2.6.19 allowing local users to gain privileges via vectors involving the MSG_MORE flag and a UDP socket. CVE-2009-2698 Exploits/Local Linux
Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system. CVE-2016-1886 Exploits/Local FreeBSD
Norman Security Suite Nprosec.sys Privilege Escalation Exploit Norman Security Suite is affected by a privilege escalation vulnerability that can be exploited by local, unprivileged users to gain SYSTEM privileges. The vulnerability occurs in the Nprosec.sys driver when handling IOCTL 0x00220210. NOCVE-9999-49673 Exploits/Local Windows
Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local Windows
Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070) The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver. CVE-2014-4076 Exploits/Local Windows
Linux suid_dumpable exploit The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. CVE-2006-2451 Exploits/Local Linux
FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. CVE-2013-6462 Exploits/Local FreeBSD
Linux abrt sosreport Symlink Privilege Escalation Exploit The sosreport program, a component of the ABRT bug reporting system used in Red Hat Enterprise Linux, does not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/tmp/abrt). This can be leveraged by local unprivileged attackers to gain root privileges on vulnerable systems. CVE-2015-5287 Exploits/Local Linux
Mac OS X smcFanControl Local Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. CVE-2008-6252 Exploits/Local Mac OS X