It's been a busy month! While our upcoming IMPACT major release is progressing, IMPACT 2013 R1.3 was released in June with more than 30 new exploits (listed below) and we shared several updates to existing modules with our customers during the month. In addition to the above, we also published a new advisory related to surveillance devices (http://www.coresecurity.com/grid/advisories) and Nico Economou Specialist Exploit Writer commented about CVE-2013-3660 on its blog post “The Un-Patched Windows Kernel 0-day”. Exploit updates for June 2013 (excluding maintenance updates and modules) include: Remote Code Execution Wordpress W3 Total Cache PHP Remote Code Execution Exploit MongoDB nativeHelper Remote Code Execution Exploit IntraSrv Simple Web Server Buffer Overflow Exploit Remote File Disclosure HP Intelligent Management FaultDownloadServlet Directory Traversal Exploit HP Intelligent Management IctDownloadServlet Directory Traversal Exploit Client Side Microsoft Office PNG File Buffer Overflow Exploit Microsoft Internet Explorer COALineDashStyleArray Integer Overflow Exploit Google Sketchup MAC Pict Stack Corruption Exploit Mozilla Firefox plugin objects Privileged Code Execution Exploit IBM SPSS SamplePower Vsflex8l ActiveX Control Buffer Overflow Exploit Oracle Java Driver Manager Remote Code Execution Exploit Artweaver JPG Image Processing Buffer Overflow Exploit Sketchup MAC Pict Material Palette Stack Corruption Exploit XnView XCF Processing Image Layer Buffer Overflow Exploit Zoom Player BMP File Processing Buffer Overflow Exploit AudioCoder M3U Buffer Overflow Exploit Local & DoS Apple Mac OS X DirectoryService AllocFromProxyStruct Buffer Underflow DoS Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit Linux Kernel perf_swevent_init Privilege Escalation Exploit Symantec AMS Intel Handler Service DoS Serva TFTPD Service Large Read Requests Parsing DoS FreeBSD mmap ptrace Privilege Escalation Exploit We will be glad to share our ideas under development with you at Black Hat. We invite you to visit us in our booth, #409. Our team will be ready to answer questions, share ideas and provide support. Your feedback and questions are greatly appreciated. Please send us your questions and suggestions helping us to offer an even better solution to you. Flavio de Cristofaro – Vice President of Engineering for Professional Products
DOWN TO THE CORE: June 2013 IMPACT REPORTJuly 24, 2013
Ready for a Demo?
Eliminate identity-related breaches with SecureAuth!