CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
09.12.2013 Microsoft Windows Theme File Handling Exploit (MS13-071) The vulnerability is caused due to an error when handling theme and screensaver files. CVE-2013-0810 Exploits/Client Side Windows
09.06.2013 Sophos Web Protection Appliance sblistpack Command Injection Exploit The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance with the privileges of the "spiderman" operating system user. A second vulnerability in the Sophos Web Protection Appliance (an OS command injection in the /opt/cma/bin/clear_keys.pl script, which can be executed by the "spiderman" user with the sudo command without password) allows an attacker who successfully compromised the appliance to escalate privileges from "spiderman" to root. CVE-2013-4983 Exploits/Remote Linux
09.05.2013 SIEMENS Solid Edge SEListCtrlX ActiveX Memory Write Exploit Siemens Solid Edge SEListCtrlX ActiveX control is prone to an arbitrary memory write vulnerability because the application fails to perform adequate boundary checks on user-supplied data. NOCVE-9999-58736 Exploits/Client Side Windows
09.04.2013 Graphite Pickle Remote Code Execution Exploit This module exploits an unsafe pickle operation of Graphite in order to install an agent. CVE-2013-5093 Exploits/Remote Linux
09.04.2013 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free (MS13-059) Use after free in Internet Explorer when an invalid reference to CFlatMarkupPointer is used. Successful control of the freed memory may leverage arbitrary code execution under the context of the user. CVE-2013-3184 Exploits/Client Side Windows
09.01.2013 Kingsoft Writer WPS Font Names Buffer Overflow Exploit Kingsoft Writer is prone to a Buffer Overflow when handling font names via a specially crafted WPS file with an overly long font name. CVE-2013-3934 Exploits/Client Side Windows
08.29.2013 HP LoadRunner micWebAjax ActiveX Control NotifyEvent Exploit The specific flaw exists within the micWebAjax.dll ActiveX control. The control exposes the NotifyEvent method. The method performs insufficient bounds checking on user-supplied data which results in stack corruption. CVE-2013-2368 Exploits/Client Side Windows
08.28.2013 Triologic Player M3U Unicode SEH Buffer Overflow Exploit Triologic Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Triologic Player when handling misleading m3u files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This is an UNICODE overflow so special shellcode must be considered. This vulnerability can be exploited via a specially crafted .m3u file. CVE-2009-0266 Exploits/Client Side Windows
08.28.2013 Agnitum Outpost Security Suite Privilege Escalation Exploit This module exploits a vulnerability in Agnitum Outpost Security Suite acs.exe service server when handling a specially crafted request, sent to the acsipc_server named pipe. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the acs.exe server process. NOCVE-9999-59314 Exploits/Local Windows
08.25.2013 GSM SIM Utility SEH Buffer Overflow Exploit GSM SIM Utility contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in GSM SIM Editor when handling misleading .sms files. When opening such files an error message is shown and then a buffer overflow occurs. This situation allows an attacker to overwrite an SEH Pointer and control the execution flow. NOCVE-9999-59322 Exploits/Client Side Windows
08.21.2013 Super Player 3500 M3U Local Stack Buffer Overflow Exploit Super Player 3500 contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Super Player when handling long .m3u files. NOCVE-9999-59277 Exploits/Client Side Windows
08.15.2013 UPnP Vulnerability Checker This module checks for vulnerabilities in UPnP-enabled systems. It sends a SSDP "M-SEARCH" packet to the multicast group (239.255.255.250) and checks for known banners corresponding to vulnerable UPnP SDK versions. CVE-2012-5958 Exploits/Tools
08.13.2013 Microsoft Windows Win32k Read AV Vulnerability (MS13-053) Update This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk. This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits. CVE-2013-3660 Exploits/Local Windows
08.13.2013 Upgrade to Impact 2013 R1.4 Upgrades Impact to v2013 Release 1.4; more information can be found at http://blog.coresecurity.com/2013/08/14/announcing-core-impact-v2013-r1-4/ Exploits/Remote
08.12.2013 Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework. CVE-2013-2251 Exploits/Remote Windows, Linux, Mac OS X
08.12.2013 Elecard MPEG Player SEH Buffer Overflow Exploit Elecard MPEG Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Elecard MPEG Player when handling .m3u files, situation that leads to a buffer overflow and the possibility to overwrite an SEH Pointer. This can be exploited via a specially crafted .m3u file. NOCVE-9999-59136 Exploits/Client Side Windows
08.12.2013 VLC Media Player ABC File Parsing Exploit The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow in the libmodplug library used by VLC Media Player. NOCVE-9999-59318 Exploits/Client Side Windows
08.12.2013 Oracle Document Capture BlackIceDevMode ActiveX Buffer Overflow Exploit The Import Server component of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. This could allow command execution when a user loads a web page which calls the SetAnnotationFont method of the BlackIceDevMode.ocx ActiveX control with a overly long string argument. CVE-2013-1516 Exploits/Client Side Windows
08.11.2013 HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Exploit The specific flaw exists within the lrFileIOService ActiveX control. The control exposes the WriteFileBinary method which accepts a parameter named data that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser. CVE-2013-2370 Exploits/Client Side Windows
08.08.2013 Core Player M3U Playlist Buffer Overflow Exploit A Buffer Overflow exist in Core Player when parsing .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. NOCVE-9999-58790 Exploits/Client Side Windows
08.08.2013 Oracle Java ProviderSkeleton Remote Code Execution Exploit This module exploits a vulnerability in Oracle Java. Abusing the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments it is possible to execute arbitrary code. CVE-2013-2460 Exploits/Client Side Windows, Linux
08.08.2013 Microsoft Windows Print Spooler Service Format String Vulnerability DoS (MS12-054) Update This update provides a better documentation for this module CVE-2012-1851 Denial of Service/Remote Windows
08.07.2013 Oracle WebCenter Content CheckOutAndOpen ActiveX openWebdav Arbitrary File Code Execution Exploit Oracle WebCenter Content is prone to a Remote File Execution vulnerability within the CheckOutAndOpen.dll ActiveX when using openWebdav method. By specifying a constructed path an attacker can force the contents of the file to be passed to ShellExecuteExW, thus being able to execute arbitrary files. The payload is embedded on a VBS file which is automatically executed when a HTA file is requested through Webdav. CVE-2013-1559 Exploits/Client Side Windows
08.04.2013 freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update This update modifies the application version displayed in Quick Information CVE-2012-6066 Exploits/Remote Windows
08.04.2013 Chasys Draw IES BMP Image Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error within flt_BMP.dll when processing BMP images and can be exploited to cause a stack-based buffer overflow via specially crafted "biPlanes" and "biBitCount" fields. CVE-2013-3928 Exploits/Client Side Windows
08.02.2013 ABBS Audio Media Player Buffer Overflow Exploit ABBS Audio Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in ABBS when handling .lst files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .lst file. NOCVE-9999-58468 Exploits/Client Side Windows
07.31.2013 GroundWork monarch_scan.cgi Remote Code Execution Exploit This module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. CVE-2013-3502 Exploits/Remote Linux
07.29.2013 OpenSSL DTLS ChangeCipherSpec DoS ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. CVE-2009-1386 Denial of Service/Remote Linux, FreeBSD
07.28.2013 XnView PSP Image Processing Buffer Overflow Exploit A vulnerability when processing PSP files can be exploited to cause a stack based buffer overflow via a specially crafted file. CVE-2013-3492 Exploits/Client Side Windows
07.26.2013 DJ Studio Pro SEH Overflow Exploit DJ Studio Pro contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in the application when handling .pls files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .pls file. This overflow allows to overwrite an SEH pointer, generate and exception and execute arbitrary code. NOCVE-9999-58778 Exploits/Client Side Windows

Pages