May was a busy month for our user support teams. While the Exploit and the L3 teams were working on the following DOT release (IMPACT 2013 R1.3), we shared more than 30 updates with our customers in May including exploits, modules and maintenance updates.
May efforts were mainly focused on delivering new exploits and improving our “Importers” and “Identity Manager” capabilities based on our customers’ feedback.
Updates for May 2013 (excluding five maintenance updates) include:
Remote Code Execution
Firebird SQL CNCT Remote Buffer Overflow Exploit
BigAnt IM Server DDNF Username Buffer Overflow Exploit
HP Intelligent Management Center mibFileUpload Servlet Remote Exploit
Schneider Electric Accutech Manager Heap Overflow Exploit
EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit
PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit
Light HTTP Daemon Buffer Overflow Exploit
EMC AlphaStor Library Control Program Buffer Overflow Exploit
SAP Netweaver Message Server _MsJ2EE_AddStatistics Memory Corruption Exploit
Novell ZENworks Mobile Management Remote Code Execution Exploit
Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit
Microsoft Windows Win32k Font Parsing Vulnerability ClientSide DoS (MS13-036)
GlobalSCAPE CuteZIP Buffer Overflow Exploit
ERDAS ER Viewer ERM_convert_to_correct_webpath Buffer Overflow Exploit
Kingsoft Office wpsio Buffer Overflow Exploit
Oracle Java Font Handling Code Execution Exploit
IBM SPSS SamplePower C1sizer ActiveX Control Buffer Overflow Exploit
Local & DoS
Microsoft Windows Win32k Divide Error Exception DoS (MS13-046)
Wireshark DRDA Dissector DoS
Microsoft Windows Win32k Buffer Overflow Exploit (MS13-046)
In addition to the above we also published several advisories related to major bugs found in surveillance devices that were highly discussed by the security community.
Finally we shared a guide on how to start using CORE CloudCypher that we recommend you to read and get the most out of CORE Impact.
Your feedback and questions are greatly appreciated. Please send us your questions and suggestions that help us improve Impact for you. Learn more about penetration testing.