Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Xorg Privilege Escalation Exploit X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. CVE-2006-0745 Exploits/Local none
Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Libdbus 1.5.x and earlier, when used in setuid processes not clearing the environment variables, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. CVE-2012-3524 Exploits/Local Linux
Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update 2 This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges. This update adds support to Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits) CVE-2016-7255 Exploits/Local Windows
WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2007-3681 Exploits/Local Windows
Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) Update When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. This update fixes a regression introduced in version 2016_R1. CVE-2014-1807 Exploits/Local Windows
Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit This module exploits a vulnerability in Windows XP when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-5587 Exploits/Local Windows
Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-066) Update This module exploits a vulnerability in Windows Ancillary function driver when the 0x1203F IOCTL in afd.sys is invoked with a specially crafted parameter. The IOCTL 0x1203F handler in the afd.sys function driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2008-3464 Exploits/Local Windows
Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local none
Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
FreeBSD NFS Client Privilege Escalation Exploit The NFS client subsystem in FreeBSD fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted. This may cause a kernel stack overflow that can be exploited by local users to gain root privileges. CVE-2010-2020 Exploits/Local FreeBSD
Novell Client 2 NICM.SYS Privilege Escalation Exploit This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests. CVE-2013-3956 Exploits/Local Windows
Trend Micro Titanium Maximum Security TMTDI.SYS Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Trend Micro Titanium Maximum Security tmtdi.sys driver. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-45910 Exploits/Local Windows
Novell NetWare Client NWFILTER.SYS Local Privilege Escalation Exploit This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL. The vulnerability allows local users to overwrite memory and execute arbitrary code via a malformed Interrupt Request Packet (Irp) parameters. CVE-2007-5667 Exploits/Local Windows
Apple Mac OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit This module exploits a vulnerability present in Mac OS X. dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain root privileges via the DYLD_PRINT_TO_FILE environment variable. CVE-2015-3760 Exploits/Local Mac OS X
Sudoedit Privilege Escalation Exploit Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0426 Exploits/Local Solaris, AIX, Linux, FreeBSD, OpenBSD, Mac OS X
IBM Director CIM Server Privilege Escalation Exploit IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. CVE-2009-0880 Exploits/Local Windows
PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. CVE-2010-0832 Exploits/Local Linux
Microsoft Windows Win32k NULL Page Vulnerability Exploit (MS13-081) Update This module exploits a vulnerability in "win32k.sys" by calling to the "TrackPopupMenuEx" function. This update adds support to Windows 7 64 bits and Windows 2008 R2. CVE-2013-3881 Exploits/Local Windows
Microsoft Windows Print Spooler Load Library Vulnerability Exploit (MS09-022) Update This Update adds support to Microsoft Windows XP and 2003. This module takes advantage of an insufficient library path check in spoolsv.exe service to load a dll from an arbitrary directory with System user privileges. CVE-2009-0230 Exploits/Local Windows
AIX Pioout Local Buffer Overflow Privilege Escalation Exploit AIX Pioout is prone to a vulnerability that allows attackers to execute arbitrary code with superuser privileges. This is due to insecure permissions shared libraries. CVE-2007-5764 Exploits/Local AIX
AIX update_flash PATH usage exploit This module exploits a untrusted search path vulnerability in update_flash for IBM AIX. CVE-2006-2647 Exploits/Local AIX
Linux Kernel netfilter target_offset Privilege Escalation Exploit This module exploits a vulnerability in the Linux kernel related to the netfilter target_offset field. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. NOCVE-9999-74999 Exploits/Local Linux
Mac OS X i386_set_ldt Vulnerability Local Privilege Escalation Exploit This module exploits a vulnerability on "i386_set_ldt" function of "mach_kernel" creating a "call gate" entry in the LDT. CVE-2011-0182 Exploits/Local Mac OS X
Microsoft Windows Telephony Service exploit This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent. CVE-2005-0058 Exploits/Local Windows
Linux Kernel perf_swevent_init Privilege Escalation Exploit This module exploits a vulnerability in the Linux kernel. The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. CVE-2013-2094 Exploits/Local Linux
Novell NetWare Client NWFS.SYS Local Privilege Escalation Exploit This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-3158 Exploits/Local Windows
GNU Glibc ld.so ORIGIN Privilege Escalation Exploit The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3847 Exploits/Local Linux
Microsoft Windows Administrator UAC Elevation Bypass This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group. NOCVE-9999-64489 Exploits/Local Windows
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
Linux apport Race Condition Privilege Escalation Exploit This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges. CVE-2015-1325 Exploits/Local Linux