This weekly update brings nine new modules, including exploits for Boa HTTP Server, F5 BIG-IP, WordPress, Microsoft Internet Explorer, Lattice Semiconductor PAC-Designer, TFM MMPlayer, ComSndFTP, and EZHomeTech EzServer. Notably, the vulnerability targeted by the Internet Explorer exploit is unpatched at the time of this update's release.
This update also includes a fix for a cross-site scripting vulnerability in Metasploit's web UI. Thanks to Borja Merino for the vulnerability report.
- Intersil (Boa) HTTPd Basic Authentication Password Reset by Claudio "paper" Merloni, Luca "ikki" Carettoni, and Max Dietz exploits BID-25676
- F5 BIG-IP SSH Private Key Exposure by egypt exploits CVE-2012-1493
- WordPress plugin Foxypress uploadify.php Arbitrary Code Execution by Sammy FORGIT and patrick exploits BID-53805
- MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption by juan vazquez, Dark Son, Unknown, and Yichong Lin exploits MS12-037
- Microsoft XML Core Services MSXML Uninitialized Memory Corruption by sinn3r, juan vazquez, binjo, and inking26 exploits BID-53934
- Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow by sinn3r, juan vazquez, and Unknown exploits CVE-2012-2915
- TFM MMPlayer (m3u/ppl File) Buffer Overflow by Brendan Coles and RjRjh Hack3r exploits OSVDB-80532
- ComSndFTP v1.3.7 Beta USER Format String (Write4) Vulnerability by ChaoYi Huang, corelanc0d3r, mr_me, and rick2600 exploits OSVDB-82798
- EZHomeTech EzServer v6.4.017 Stack Buffer Overflow Vulnerability by modpr0be exploits EDB-19266
- PHP apache_request_headers Function Buffer Overflow by juan vazquez and Vincent Danen exploits CVE-2012-2329
- #6607 Web server properly shuts down after campaign stops
- #6962 Reports now use custom names assigned by the user
- #6974 Click on host tag to search for hosts
- #6979 Error message for non-alphanumeric host tag is now more descriptive
- #6986 Bruteforce log no longer shows hash
- #6991 Report names accept underscores
- #6992 Campaigns now save without stack trace error
- #6993 Downloaded reports now use custom names assigned by user
- #2503 Screenshots maintain their original image size or are resized proportionately for the report (reporting enhancement)
- #6436 IPv6 payloads are available for CMD payload exploits
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
After you update Metasploit Pro, the menu and update page may not display correctly. To resolve this issue, clear your browser's cache so that the user interface loads correctly.
PRO 4.3.0 2012061301 updates to 2012062001
MSF3 4.3.0 2012061301 updates to 2012062001