This weekly update brings eight new modules, including a post-exploitation module which allows for the download and execution of Windows PowerShell scripts on target machines. This update also includes modules for HP StorageWorks, Foxit Reader, Oracle WebLogic, FlexNet, ActiveCollab, and Squiggle.
Additionally, this update resolves two outstanding bugs around the Bruteforce component, and one Session upgrade bug.
- Active Collab "chat module"
- Squiggle 1.7 SVG Browser Java Code Execution
- HP StorageWorks P4000 Virtual SAN Appliance Command Execution
- Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
- Oracle Weblogic Apache Connector POST Request Buffer Overflow
- FlexNet License Server Manager lmgrd Buffer Overflow
- OSX Text to Speech Utility
- Windows Manage PowerShell Download and/or Execute
Resolved Bugs & Changes
- #6865 Fixes task chain list state inclusion
- #6881 Fixes session upgrade button stack trace
- #6882 Fixes bruteforce SSH stack trace
- #6883 Fixes bruteforce component showing schema dump in log
- #6891 Fixes mysql_payload exploit reliability
- #6892 Fixes unrealircd_backdoor exploit reliability
- #6898 Fixes update check frequency
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.3.0 2012051603 updates to 2012052303
MSF3 4.3.0 2012051603 updates to 2012052303