October 10, 2012

You'd think releasing v12.5 of Impact, introducing the concept of an Identity Manager and the Assisted Start Guide, and then shipping that to all our customers would be enough for the month of September. However, this is when our customers really feel the advantage of our having a dedicated Exploit Writing Team and a separate, dedicated Impact Development Team. Despite the extensive efforts to finalize and QA v12.5 of Impact, we were still able to continue releasing critical exploits to our customer base.

We released an entire new version of Impact, including hundreds of updates, and at the same time we also released 14 updates for our customers to ensure they can continue with their security testing.

Updates for September 2012 (excluding maintenance updates)

Remote Code Execution

HP OpenView Performance Agent coda.exe Opcode 0x34 Buffer Overflow Exploit
HP OpenView Performance Agent coda.exe Opcode 0x8C Buffer Overflow Exploit

Client Side

Cisco Linksys PlayerPT ActiveX Control Buffer Overflow Exploit Update
Cisco Linksys PlayerPT ActiveX Control Buffer Overflow Exploit Update
Internet Explorer Same ID Property Remote Code Execution Exploit
Microsoft Internet Explorer Exec Function Use After Free Exploit
Microsoft Internet Explorer Fixed Table Col Span Exploit (MS12-037)
Microsoft Word MSCOMCTL TabStrip Control Use-after-free Exploit (MS12-060)

Privilege Escalation

Symantec LiveUpdate Administrator Local Privilege Escalation Exploit

And our maintenance updates included an update to our AV evasion capabilities.

Alex Horan, Senior Product Manager

