This update includes five new modules, including exploits for ZEN Load Balancer, Auxilium RateMyPet, HP ALM, and NTR NTR Cloud.
In addition, this update resolves nine reported issues.
- ZEN Load Balancer Filelog Command Execution by Brendan Coles exploits OSVDB-85654
- Auxilium RateMyPet Arbitrary File Upload Vulnerability by sinn3r and DaOne exploits OSVDB-85554
- HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution by juan vazquez and rgod exploits ZDI-12-170
- NTR ActiveX Control Check() Method Buffer Overflow by juan vazquez and Carsten Eiram exploits CVE-2012-0266
- NTR ActiveX Control StopModule() Remote Code Execution by juan vazquez and Carsten Eiram exploits CVE-2012-0267
#7210 : Added table headers to the loot and notes data table
#7229 : Task chain creation no longer fails after adding a module
#7126 : Task chains now show the current server time when setting the schedule for a task chain
#7232 : Improved task logging for exploit task to show target platform in output
#7101 : The Overview page no longer allows users to show/hide the Dashboard if the project is empty
#7165 : http_form_field.rb no longer adds 'Host' header field twice
#7006 : Added Spanish WinXP SP3 to screen_unlock.rb
#7036 : Fixed reverse_http stagers
#6905 : Fixed ssh_login NoMethodError
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012092601
MSF3 4.4.0 updates to 2012092601