Core Impact Pro 2015 R1.1 Now Available

October 7, 2015

We are pleased to announce the official release of Core Impact Pro 2015 R1.1 today, October 7. More than 35 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version.

This is the first dot-release for 2015 R1. It includes:

  • 10 remote exploits including some for Apache ActiveMQ, IBM Tivoli and Symantec Endpoint Protection
  • 7 client-side including some for Adobe Reader and Microsoft Office
  • 7 local exploits including one for Windows default installs
  • 3 denial of service
  • Several general updates, including improvements to the evasion mechanism for several antiviruses, enhancements for numerous exploits, and performance improvements to the pause and resume functionality

Here is the complete list of published modules:

Remote Exploits

Apache ActiveMQ Path Traversal Exploit
AVG Remote Administration StoreServerConfig Command Remote Code Execution Exploit Update
HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit Update
IBM Tivoli Storage Manager FastBack Server GetJobByUserFriendlyString Exploit
Microsoft Windows Group Policy Remote Code Execution Vulnerability Exploit (MS15-011) Update
Nginx chunked Buffer Overflow Exploit metadata update
SolarWinds Firewall Security Manager userlogin Exploit
SquirrelMail map_yp_alias Command Injection Exploit Update
Symantec Endpoint Protection Manager Authentication Bypass Exploit
Usermin Email Signature Command Injection Exploit

Client Side Exploits

Adobe Acrobat Pro AFParseDate Javascript API Restrictions Bypass Exploit
Adobe Acrobat Pro Multiple Vulnerabilities Exploit
Adobe Flash Player AS3 Function.apply Integer Overflow Exploit
Microsoft Office Malformed EPS File Vulnerability Exploit (MS15-099)
Microsoft Office Malformed EPS File Vulnerability Exploit Update (MS15-099)
Microsoft Windows OLE Package Manager Code Execution Exploit (MS14-064)
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update

Local Exploits

Adobe Reader X AdobeCollabSync Buffer Overflow Sandbox Bypass Exploit Update
FortiClient Weak IOCTL mdare Driver Local Privilege Escalation Exploit
Linux apport Race Condition Privilege Escalation Exploit Update
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update
Microsoft Windows Win32k ClientCopyImage Privilege Escalation Exploit(MS15-051)

Denial of Service

ISC BIND TKEY assert DoS
Microsoft Windows SMB Memory Corruption Vulnerability DoS (MS15-083)
Microsoft Windows Win32k Cursor Object Double Free Vulnerability DoS (MS15-010) Update

Mobile and WebApps exploits

Android Towelroot futex_requeue Privilege Escalation Exploit
Magento eCommerce Web Sites Remote Code Execution Exploit
WordPress Landing Pages Plugin Remote Command Execution

Import/Export

Import Output from IBM Rational AppScan Update
Tripwire Importer Update

Maintenance

Multiple Exploits AV evasion Improvements
AV Evasion Improvements in 64bits agents
AV Shell Improvements
Attack Camera using Weak Credentials Update
Quick Info Enhancement Update
Improvements to Install Agent using Teensy board
Pause and Resume Update
Supported services list update
Setup Metasploit Integration Update
CVE Database Update

  • Penetration testing
  • What's New At Core

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!