We're pleased to announce the official release of Core Impact Pro 2014 R2.2. More than 25 updates have been added thus far, and they are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. Several exploit modules have been released, including one for a vulnerability in Kerberos affecting Windows systems and one for the 'GHOST' vulnerability in glibc. Additionally, we released an experimental module that can be used to deploy an Impact Agent using an Arduino board. In addition to the above, this release also includes:
- 8 client side exploits, including 1 for IE and 5 for Corel products
- 1 local exploit for Linux and 2 exploits for Windows
- 1 denial-of-service module for Windows
- Several general updates, including improvements to antivirus evasion mechanisms and support for evading Windows Security Essentials, and changes affecting importers from third-party scanners such as Nessus, AppScan and Tripwire (nCircle).
Here is the complete list of published modules: Remote Exploits Kerberos Checksum Remote Privilege Escalation Exploit (MS14-068) Oracle Forms and Reports Remote Code Execution Exploit Client Side Exploits Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit (MS14-021) Update 3 Git Insecure Path Component Exploit CorelCAD Multiple DLL Hijacking Exploit Corel FastFlix Multiple DLL Hijacking Exploit Corel VideoStudio Pro X7 and FastFlix u32ZLib DLL Hijacking Exploit Corel PDF Fusion Quserex DLL Hijacking Exploit Corel Painter Wacommt DLL Hijacking Exploit 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SaveCurrentImageEx Buffer Overflow Exploit Local Exploits Linux Kernel libfutex Privilege Escalation Exploit Microsoft Windows Administrator UAC Elevation Bypass Update Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 3 Exploit Tools GHOST glibc gethostbyname Buffer Overflow Verifier DHCP Server improvements Denial of Service Microsoft Windows Telnet Server ProcessDataReceivedOnSocket DoS (MS15-002) Update Maintenance/Misc AV Evasion Improvements v2 LibEgg update Mimikatz Update Web Browser Fingerprinting Improvements Import Output from IBM Rational AppScan Update Import Output from Nessus RPC Update nCircle Importer Update Install Agent using Teensy board WebApps Vulnerability Scanner Validator Wizard Update Metasploit Framework CVE Update For an introduction to the most comprehensive, commercial-grade penetration testing product available, request a trial of Core Impact Pro today.