[Canvas] CANVAS 6.83 released

Christos Kalkanis chris at immunityinc.com
Fri Nov 9 16:49:42 EST 2012


########################################################################
#                       *CANVAS Release 6.83*                          #
########################################################################

*Date*: 9 November 2012

*Version*: 6.83 ("Tower")

*Download URL*: https://canvas.immunityinc.com/cgi-bin/getcanvas.py

*Release Notes*:

We have a lot of new modules for this release. We start with clientsides
for IE (ms12_037, ie_execCommand), a clientside for Adobe Flash 
and a local privilege escalation exploit for Windows x64 (ms12_042).

Moreover, we include remote exploits for Microsoft SharePoint Server
and EMC Networker and two remote recon modules for the DELL Chassis
web interface.

We conclude with a utility module (parallel_portscan) and a collection
of local modules (info_sessions, wlanlist, passwordhints) that are handy
to have in your toolkit.


==Changes==

o Major CANVAS core updates to support new Strategic framework

o New JAVA MOSDEF implementation supports HTTP(S) MOSDEF callbacks

o java_deserialize2, java_forName_getField, java_AtomicReferenceArray
  updated to use it

o New module types: localcommand and utility

o Bugfixes to JavaNode


==New Modules==

o ms12_042 (MS12-042 Privilege Escalation Exploit)

o ie_execCommand (IE execCommand() Use-After-Free exploit)

o ms12_037 (MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow)

o adobe_flash_otf_parsing (Adobe Flash Player 11.3.300.2x integer overflow font parsing code execution)

o emc_networkerFS (EMC Networker format string exploitation)

o CVE_2010_3964 (Microsoft SharePoint Server 2007 Arbitrary File Upload RCE)

o dellchassis (DELL Web Interface Scanner)

o delldrac (DELL Web Interface Scanner)

o passwordhints (List user password hints)

o info_sessions (List information about all active sessions)

o wlanlist (List wireless network information)

o parallel_portscan (Threaded TCP portscanner)


*Forum*

Still at https://forum.immunityinc.com/ . Useful for all your many questions!

*CANVAS Tips 'n' Tricks*:

This release includes a new Java MOSDEF implementation that enables the
use of HTTP/HTTPS payloads. This can be very useful when your targets
are in controlled/corporate environments that enforce the use of proxies.
The new HTTP payloads will transparently use system-configured proxies
(if present), giving you a point of entry into these types of networks.

We have updated three of our latest Java modules to work with the
new payloads: java_deserialize2, java_AtomicReferenceArray, java_forName_getField.

A demo movie illustrating some of this month's new features can also
be found here: http://partners.immunityinc.com/movies/canvasdemonov.mp4


*Links*:

Support email      : support at immunityinc.com
Sales support      : sales at immunityinc.com
Support/Sales phone: +1 786-220-0600


########################################################################
########################################################################

