Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
FreeBSD NFS Client Privilege Escalation Exploit The NFS client subsystem in FreeBSD fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted. This may cause a kernel stack overflow that can be exploited by local users to gain root privileges. CVE-2010-2020 Exploits/Local FreeBSD
WinPcap NPF.SYS IOCTL Handler Privilege Escalation Exploit Windows 2003 Support This module exploits a vulnerability in WinPcap. The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. This update adds support for Windows 2003. CVE-2007-3681 Exploits/Local Windows
Microsoft Windows Win32k Improper Message Handling Vulnerability Exploit (MS13-005) An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE-2013-0008 Exploits/Local Windows
Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Exploit Update This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. CVE-2017-14075 Exploits/Local Windows
Microsoft Windows AFD Driver Local Privilege Escalation Exploit (MS08-066) This module exploits a vulnerability in Windows Ancillary function driver when the 0x1203F IOCTL in afd.sys is invoked with a specially crafted parameter. The IOCTL 0x1203F handler in the afd.sys function driver allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-3464 Exploits/Local none
Microsoft Windows Secondary Logon Vulnerability Exploit (MS16-032) This module exploits a vulnerability in "Windows Secondary Logon Service" when it fails to properly manage request handles in memory. CVE-2016-0099 Exploits/Local Windows
Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058) Update 2 This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability. This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms. CVE-2014-4113 Exploits/Local Windows
Microsoft Windows Token Kidnapping Local Privilege Escalation Exploit (MS09-012) This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges. CVE-2008-1436 Exploits/Local Windows
Symantec Endpoint Manager PowerPoint Misaligned Stream-Cache Privilege Escalation Exploit The vulnerability resides in parsing crafted Microsoft PowerPoint documents and produces a buffer overflow in the stack, leading to a privilege escalation to System. CVE-2016-2209 Exploits/Local Windows
Microsoft Windows MS-DOS Device Name Privilege Escalation Exploit(MS15-038) An elevation of privilege vulnerability exists when Windows kernel does not properly constrain impersonation levels. The vulnerability occurs because a user can place symlinks for the system drives in the per-login session device map and the kernel will follow them during impersonation. An attacker who successfully exploited this vulnerability may, for example, redirect a call to LoadLibrary, from a system service (when impersonating), to an arbitrary location. CVE-2015-1644 Exploits/Local Windows
Microsoft Windows Win32k Read AV Vulnerability (MS13-053) This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This is only a documentation update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit". CVE-2013-3660 Exploits/Local Windows
Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Exploit (MS16-098) This module exploits a vulnerability in win32k.sys by creating special Windows menues with crafted parameters. CVE-2016-3308 Exploits/Local Windows
FreeBSD Kernel Protosw Privilege Escalation Exploit The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail. CVE-2008-5736 Exploits/Local FreeBSD
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS10-073) This module exploits a vulnerability on "win32k.sys" when a keyboard layout is loaded by the kernel. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2743 Exploits/Local Windows
ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2008-5724 Exploits/Local Windows
Microsoft Windows Kernel ATMFD Font Vulnerability Exploit This module exploits a vulnerability in atmfd.sys module by loading a crafted OTF font. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-73027 Exploits/Local Windows
FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation Exploit The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. This data corruption can be exploited by an local attacker to escalate their privilege by carefully controlling the corruption of system files. It should be noted that the attacker can corrupt any file they have read access to. CVE-2010-2693 Exploits/Local FreeBSD
Microsoft WINS Input Validation Exploit (MS11-070) Update This module adds support to Microsoft Windows 2008. This module exploits a vulnerability on Microsoft WINS service sending crafted UDP packets to the WINS-RPC local port. CVE-2011-1984 Exploits/Local Windows
Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges. CVE-2008-2830 Exploits/Local Mac OS X
Linux Kernel UDEV Local Privilege Escalation Exploit The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. CVE-2009-1186 Exploits/Local Linux
AIX update_flash PATH usage exploit This module exploits a untrusted search path vulnerability in update_flash for IBM AIX. CVE-2006-2647 Exploits/Local AIX
Solarwinds DameWare Mini Remote Control Server Privilege Escalation Exploit A certain message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw(). CVE-2016-2345 Exploits/Local Windows
Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit This module exploits a vulnerability in Windows XP when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-5587 Exploits/Local Windows
Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local none
Microsoft Windows Win32k Read AV Vulnerability (MS13-053) Update This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits. CVE-2013-3660 Exploits/Local Windows
Mac OS X CUPS lppasswd Local Privilege Escalation Exploit This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. CVE-2010-0393 Exploits/Local Mac OS X
Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) Update On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. Windows is vulnerable due to the way the Windows User Mode Scheduler handles system requests. This module exploits the vulnerability and installs an agent with system privileges. This update fixes an issue in the documentation. CVE-2012-0217 Exploits/Local Windows
Linux X.org MIT-SHM Extension Privilege Escalation Exploit This module exploits a integer overflow condition on local X.org servers with MIT-SHM extension activated. CVE-2007-6429 Exploits/Local Linux
Adobe Acrobat Reader armsvc Service Privilege Escalation Exploit Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106. CVE-2015-5090 Exploits/Local Windows
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS10-073) Update This update adds support to Microsoft Windows 7. This module exploits a vulnerability on "win32k.sys" when a keyboard layout is loaded by the kernel. CVE-2010-2743 Exploits/Local Windows