This update includes seven new modules, including exploits for ESVA, XODA, Adobe Flash Player, and Sysax Multi Server.
Update: Update 2012082202 includes a new exploit for an Oracle Java 0-day. See this blog post for more details. It is otherwise identical to update 2012082201.
- HTTP Client Basic Authentication Credential Collector by saint patrick
- HTTP Client MS Credential Relayer by Rich Lundeen
- Java 7 Applet Remote Code Execution by sinn3r, juan vazquez, jduck, and Unknown exploits an Oracle Java 0-day
- E-Mail Security Virtual Appliance learn-msg.cgi Command Injection by juan vazquez and iJoo exploits an unreported vulnerability
- XODA 0.4.5 Arbitrary PHP File Upload Vulnerability by juan vazquez and Shai rod exploits an unreported vulnerability
- Adobe Flash Player 11.3 Font Parsing Code Execution by sinn3r, juan vazquez, and Alexander Gavrun exploits CVE-2012-1535
- Sysax Multi Server 5.64 Create Folder Buffer Overflow by Craig Freyman and Matt "hostess" Andreko exploits OSVDB-82329
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012082202
MSF3 4.4.0 updates to 2012082202