Metasploit Pro 4.3.0 Update 2012050901

Document created by jcran on May 10, 2012Last modified by jcran on May 10, 2012
Version 2Show Document
  • View in full screen mode

Summary

 

This weekly update brings four new modules including the much-anticipated module to test for CVE-2012-1823, the PHP CGI Argument injection. Additionally, this update includes modules for Firefox 7/8, VLC MMS and Solarwinds Storage Manager.

 

Module Changes

 

* PHP CGI Argument Injection

* Firefox 7/8 (<= 8.0.1) nsSVGValue Out-of-Bounds Access Vulnerability

* VLC MMS Stream Handling Buffer Overflow

* Solarwinds Storage Manager 5.1.0 SQL Injection

 

Resolved Bugs & Changes

 

* Issue #6782 : Resolved issues with API Documentation.

* Issue #6500 : snmp_enum now enumerates the processes.

* Issue #5919 : multi_post has undefined variable 'script'

* Issue #6438 : OSX post modules now report creds correctly.

* Issue #6511 : Clarified an error message with snmp_set.

* Issue #6537 : Resolved an issue when calling 'get_imperstoken' with administrator privs.

* Issue #6761 : OWA Brute Force Utility now gathers more usernames/passwords.

* Issue #6801 : Resolved an issue with enum_dirperms access is denied.

* Issue #6809 : Resolved an issue in the VMWare vmware_enum_vms module.

* Issue #6826 : msfvenom fails with NoMethodError undefined method `supports?' for [Msf::Module::Platform::Linux]:Array []

 

How to Upgrade

 

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, "view this video":https://community.rapid7.com/videos/1256 in the Rapid7 Community.

 

Version Information

 

PRO 4.3.0 2012050201 updates to 2012050901

MSF3 4.3.0 2012050201 updates to 2012050901

Attachments

    Outcomes