Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with root privileges. CVE-2012-0217 Exploits/Local Windows
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 2 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to Windows Server 2012 R2 CVE-2015-2426 Exploits/Local Windows
FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system. CVE-2016-1886 Exploits/Local FreeBSD
Linux Sing Log Injection Local Exploit SING is prone to a local privilege-escalation vulnerability, that allows an unprivileged process to elevate privileges to root. CVE-2007-6211 Exploits/Local Linux
Microsoft Windows AFD AfdJoinLeaf Privilege Escalation Exploit Update (MS11-080) The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-2005 Exploits/Local Windows
Microsoft Windows TrueType Font Parsing Vulnerability Local Exploit (MS11-087) This module exploits a Windows kernel heap overflow vulnerability when a crafted TTF file is processed by Windows kernel. CVE-2011-3402 Exploits/Local Windows
Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-4398 Exploits/Local Windows
Symantec Veritas VRTSweb Privilege Escalation Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. That can be exploited by local users to gain elevated privileges. CVE-2009-3027 Exploits/Local Windows
Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-066) This module exploits a vulnerability in Windows Ancillary function driver when the 0x1203F IOCTL in afd.sys is invoked with a specially crafted parameter. The IOCTL 0x1203F handler in the afd.sys function driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-3464 Exploits/Local none
Linux Kernel packet_set_ring Privilege Escalation Exploit This module exploits a signedness error condition in the Linux Kernel via PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled. The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to escalate privileges. CVE-2017-7308 Exploits/Local Linux
Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
Microsoft Windows TCP IP Arbitrary Write Local Privilege Escalation Exploit (MS14-070) The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver. CVE-2014-4076 Exploits/Local Windows
Symantec Endpoint Protection Kernel Pool Overflow Privilege Escalation Exploit Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. CVE-2014-3434 Exploits/Local Windows
Norman Security Suite Nprosec.sys Privilege Escalation Exploit Norman Security Suite is affected by a privilege escalation vulnerability that can be exploited by local, unprivileged users to gain SYSTEM privileges. The vulnerability occurs in the Nprosec.sys driver when handling IOCTL 0x00220210. NOCVE-9999-49673 Exploits/Local Windows
Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) Update When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. This update fixes a regression introduced in version 2016_R1. CVE-2014-1807 Exploits/Local Windows
FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. CVE-2013-6462 Exploits/Local FreeBSD
Linux X.org MIT-SHM Extension Privilege Escalation Exploit This module exploits a integer overflow condition on local X.org servers with MIT-SHM extension activated. CVE-2007-6429 Exploits/Local Linux
Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update 2 This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges. This update adds support to Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits) CVE-2016-7255 Exploits/Local Windows
Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. CVE-2012-3524 Exploits/Local Linux
Microsoft Windows SystemDefaultEUDCFont Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in Microsoft Windows by setting a specially crafted SystemDefaultEUDCFont value in the HKEY_CURRENT_USER\EUDC Registry key, and then calling EnableEUDC() function in GDI32 library. It will enable local unprivileged users to gain SYSTEM privileges. This update adds support for Windows Vista and Windows Server 2008. CVE-2010-4398 Exploits/Local Windows
Mac OS X i386_set_ldt Vulnerability Local Privilege Escalation Exploit This module exploits a vulnerability on "i386_set_ldt" function of "mach_kernel" creating a "call gate" entry in the LDT. CVE-2011-0182 Exploits/Local Mac OS X
Linux suid_dumpable exploit The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. CVE-2006-2451 Exploits/Local Linux
Linux Kernel compat_alloc_user_space Privilege Escalation Exploit The "compat_alloc_user_space" function, which belongs to the 32-bit compatibility layer for 64-bit versions of Linux, can produce a stack pointer underflow when it's called with an arbitrary length input. This vulnerability can be used by local unprivileged users to corrupt the kernel memory in order to gain root privileges. CVE-2010-3081 Exploits/Local Linux
Samsung Security Manager Apache Felix Gogo Vulnerability Local Privilege Escalation Exploit Samsung Security Manager is prone to a privilege-escalation vulnerability that affects Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker could then send commands that will be executed by the mentioned runtime. NOCVE-9999-80838 Exploits/Local Windows
Linux abrt sosreport Symlink Privilege Escalation Exploit The sosreport program, a component of the ABRT bug reporting system used in Red Hat Enterprise Linux, does not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/tmp/abrt). This can be leveraged by local unprivileged attackers to gain root privileges on vulnerable systems. CVE-2015-5287 Exploits/Local Linux
Microsoft Windows Task Scheduler Service Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. This update adds support for Windows 7 and Windows 2008 x64. CVE-2010-3338 Exploits/Local Windows
Windows Debugging Subsystem Exploit Update There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running. With this handle an agent is injected in a SYSTEM process. The update fixes an issue using Import * CVE-2002-0367 Exploits/Local Windows
Panda Internet Security RKPavProc.sys Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in Panda Internet Security RKPavProc.sys driver when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-44499 Exploits/Local Windows
ProFTPD Controls Buffer Overflow Exploit update The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux