This weekly update brings fifteen new modules, which includes exploits for Oracle MySQL, the Modbus protocol, Symantec Web Gateway, Snort, Microsoft Visio, Office, and IIS, Samsung NET-i Tom Sawyer Software, Sielco Sistemi, and Skype.
In addition, this update also adds support for importing FusionVM XML and adds PCAnywhere bruteforce.
- MySQL Authentication Bypass Password Dump by TheLightCosine and jcran
- Modbus Client by EsMnemon
- Modbus Version Scanner by EsMnemon
- Symantec Web Gateway 22.214.171.124 ipchange.php Command Injection by juan vazquez and Unknown
- Symantec Web Gateway 126.96.36.199 Arbitrary PHP File Upload Vulnerability by juan vazquez and Unknown
- Snort 2 DCE/RPC preprocessor Buffer Overflow by 0a29406d9794e4f9b30b3c5d6702c708, Carsten Maartmann-Moe , Neel Mehta, and Trirat Puttaraksa
- MS11-093 Microsoft Windows OLE Object File Handling Remote Code Execution by juan vazquez and Luigi Auriemma
- Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow by juan vazquez and Luigi Auriemma
- Tom Sawyer Software GET Extension Factory Remote Code Execution by juan vazquez, Elazar Broad, and rgod
- MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability by sinn3r and Yorick Koster
- Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow by patrick
- Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution by patrick
- Sielco Sistemi Winlog Buffer Overflow 2.07.14 by m-1-k-3
- Multi Gather Skype User Data Enumeration by Carlos Perez
- Several IE9 display bugs fixed
- Fixed an issue where Nexpose Scan could error out
- Fixed an issue in Analysis tab where Grouped View wasn't showing proper results
- Fixed an issue where Task Chains could error out when including a Bruteforce task and using IE9
- Fixed an issue where update alert could appear when it wasn't needed
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
After you update Metasploit Pro, the menu and update page may not display correctly. To resolve this issue, you must clear your browser's cache for user interface to load correctly.
PRO 4.3.0 2012060603 updates to 2012061301
MSF3 4.3.0 2012060603 updates to 2012061301