Core Impact Pro 2014 R1.4 Now Available

September 3, 2014

We are pleased to announce the official release of Core Impact Pro 2014 R1.4. More than 30 updates have been added, and they are all are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. This will be the last 'dot release' for 2014 R1, as we will be releasing Core Impact Pro 2014 R2 by late September.

core impact proWhat’s New?

We have added new modules and made enhancements to existing ones. For example:

  • Support for integration with Metasploit 4.10
  • 10 remote exploits, including some for Apache Struts and Adobe ColdFusion
  • 5 client side exploits, including some for IE
  • 5 local exploits for Windows, plus exploits for linux and OpenBSD
  • 1 denial-of-service module for Windows

Here is the complete list of published modules.

Remote exploits

Apache Struts 2 devMode OGNL Remote Code Execution Exploit Update
Adobe ColdFusion l10n.cfm Remote Code Execution Exploit
HP AutoPass License Server Remote Code Execution Exploit
MayGion IP Camera Path Traversal Vulnerability Exploit
Yokogawa CS3000 BKFSim vhfd Buffer Overflow Exploit
Easy File Sharing Web Server UserID Cookie Handling Buffer Overflow Exploit
Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit
Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit
Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability Exploit
Iconics Genesis SCADA HMI Genbroker Server Exploit Update
SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit
Openfiler Remote Code Execution Exploit

Local exploits

Linux Kernel n_tty_write Privilege Escalation Exploit
FreeBSD X.Org libXfont BDF Privilege Escalation Exploit
Microsoft Windows Administrator UAC Elevation Bypass
Microsoft Windows On-Screen Keyboard Mouse Input Privilege Escalation Exploit (MS14-039)
Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040)
Microsoft Windows MQAC.sys Arbitrary Write Local Privilege Escalation Exploit
Microsoft Internet Explorer IESetProtectedModeRegKeyOnly Protected Mode Escape Exploit (MS13-097)
Oracle VirtualBox Guest Additions Arbitrary Write Local Privilege Escalation Exploit

Client Side

Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit (MS14-021) Update 2
Microsoft Internet Explorer Tabular Data Control ActiveX Exploit Reliability Enhancement Update v3
mIRC Buffer Overflow Exploit update 2
Advantech WebAccess dvs GetColor Stack Buffer Overflow Exploit
Samsung iPOLiS Device Manager XnsSdkDeviceIpInstaller DeleteDeviceProfile Method Stack Buffer Overflow Exploit
SolarWinds Network Configuration Manager Pesgo32c PEstrarg1 Heap Overflow Exploit

Denial of Service

Microsoft Windows TCP TimeStamp Option Vulnerability DoS (MS14-031) Update

Misc

Setup Metasploit Integration Update
Metasploit Framework CVE Update
Supported services list update
Maintenance of modules using SSL

Questions? Comments? Comment below or send a note to info@coresecurity.com. Haven’t tried this tool yet? Learn more about Core Impact Pro today.

  • News & Events
  • Vulnerability Management
  • What's New At Core

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!