CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
07.28.2014 Microsoft Windows On-Screen Keyboard Mouse Input Privilege Escalation Exploit (MS14-039) The On-Screen Keyboard application of Microsoft Windows is prone to a privilege escalation vulnerability when handling mouse input originated from a process running with Low Integrity Level. This vulnerability allows an agent running with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-2781 Exploits/Local Windows
07.25.2014 Microsoft Windows TCP TimeStamp Option Vulnerability DoS (MS14-031) Update This module exploits a vulnerability in "tcpip.sys" by sending a large number of TCP packets with the Time Stamp option enabled. This update adds support to network configuration parameters. Besides, this update includes Windows 8.1 as supported. CVE-2014-1811 Denial of Service/Remote Windows
07.22.2014 Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit (MS14-021) Update 2 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. This update solves an issue with the Internet Explorer version detection the module executes, that may show an error message in the browser and an indication of the browser not being supported in the web server module log, even when the version of the target browser is actually supported. CVE-2014-1776 Exploits/Client Side Windows
07.21.2014 HP AutoPass License Server Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server. CVE-2013-6221 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
07.17.2014 mIRC Buffer Overflow Exploit update 2 The vulnerability is caused due to a boundary error in the processing of PRIVMSG IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server. This update resolves SuspendOtherThread usage. CVE-2008-4449 Exploits/Client Side Windows
07.17.2014 Apache Struts 2 devMode OGNL Remote Code Execution Exploit Update The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system. This update fixes the CVE identifier associated with the vulnerability exploited by this module. CVE-2012-0394 Exploits/Remote Windows, Mac OS X, Linux
07.16.2014 Microsoft Windows Administrator UAC Elevation Bypass This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group. NOCVE-9999-64489 Exploits/Local Windows
07.14.2014 FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. CVE-2013-6462 Exploits/Local FreeBSD
07.13.2014 Linux Kernel n_tty_write Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings. CVE-2014-0196 Exploits/Local Linux
07.11.2014 Apache Struts 2 devMode OGNL Remote Code Execution Exploit The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system. NOCVE-9999-62986 Exploits/Remote Windows, Mac OS X, Linux
07.03.2014 Microsoft Windows TCP TimeStamp Option Vulnerability DoS (MS14-031) This module exploits a vulnerability in "tcpip.sys" by sending a large number of TCP packets with the Time Stamp option enabled. CVE-2014-1811 Denial of Service/Remote Windows
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
07.01.2014 VLC Media Player RTSP Processing Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow when handling a specially crafted RTSP packets within the LIVE555 Plugin (liblive555_plugin.dll). CVE-2013-6934 Exploits/Client Side Windows
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
06.29.2014 Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit(MS14-021) Update Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. This update adds support for Internet Explorer 8 and some specific patch versions of Internet Explorer 10 CVE-2014-1776 Exploits/Client Side Windows
06.26.2014 IcoFX Buffer Overflow Exploit IcoFX is prone to a security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file. CVE-2013-4988 Exploits/Client Side Windows
06.24.2014 Adobe Reader X XFA BMP RLE Heap Corruption Exploit This module exploits a heap based buffer overflow vulnerability in Adobe Reader X when handling a specially crafted PDF file. CVE-2013-2729 Exploits/Client Side Windows
06.17.2014 OpenSSL ChangeCipherSpec Message Vulnerability Checker This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server. This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake. CVE-2014-0224 Exploits/Remote Linux
06.15.2014 Linux sudo env_reset Privilege Escalation Exploit A logical error in sudo when the env_reset option is disabled allows local attackers to define environment variables that were supposed to be blacklisted by sudo. This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo. CVE-2014-0106 Exploits/Local Linux
06.15.2014 HP SiteScope issueSiebelCmd Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. CVE-2013-4835 Exploits/Remote Windows, Linux
06.11.2014 WellinTech KingSCADA AEServer Buffer Overflow Exploit The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow. CVE-2014-0787 Exploits/Remote Windows
06.10.2014 Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third party service calls to the "ShellExecute" function, an invalid association file is produced, finalizing the attack with the execution of a crafted program instead of the original program. CVE-2014-1807 Exploits/Local Windows
06.09.2014 Microsoft Windows Win32k Information Disclosure Vulnerability DoS (MS14-015) This module exploits a vulnerability in "win32k.sys" by calling to "NtUserValidateHandleSecure" function with crafted parameters. This is a documentation update from the original module "Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS". CVE-2014-0323 Denial of Service/Local Windows
06.08.2014 Borland Silk Central TeeChart ActiveX Control AddSeries Untrusted Pointer Exploit The specific flaw exists within the Borland Silk Central TeeChart ActiveX control. The control suffers from an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. NOCVE-9999-63948 Exploits/Client Side Windows
06.04.2014 Apache Struts ClassLoader Manipulation Remote Code Execution Exploit Update This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. This update fixes some XML issues. CVE-2014-0094 Exploits/Remote Linux
06.02.2014 AT and T Connect Participant Application SVT File Exploit AT and T Connect Participant Application is prone to a Buffer-Overflow when handling specially crafted SVT files. CVE-2013-6029 Exploits/Client Side Windows
06.02.2014 Dassault Systemes Catia CATV5_Backbone_Bus Buffer Overflow Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. NOCVE-9999-62708 Exploits/Remote Windows
06.01.2014 Adobe Flash Player AVM2 Integer Underflow Exploit Update This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014. This update adds support for Windows 7 x64, Windows Server 2008 x64 and Windows Server 2008 R2 x64. CVE-2014-0497 Exploits/Client Side Windows
05.29.2014 Client-Side Phishing Improvements Removes instantiating a java class, avoiding the popup stating Java is required to complete further operations. Exploits/Client Side

Pages