Metasploit 4.4.0 Update 2012101001

Document created by todb Employee on Oct 9, 2012Last modified by todb Employee on Oct 15, 2012
Version 2Show Document
  • View in full screen mode



This update includes ten new modules, including exploits for PhpTax, QNX QCONN, Avaya IP Office, Avaya WinPMD, Microsoft Windows, and InduSoft Web Studio.


In addition, this update fixes six reported issues.


Update: This update now also includes two new modules for CVE-2012-4933. For details, see our blog post, New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability


Module Changes

Exploit modules


Auxiliary and post modules


Resolved Issues


Note that several of this week's issues popped up in development between updates, so Metasploit Community and Metasploit Pro users were not likely to experience them.


#7297 : Resolved msfupdate cron job issues for Linux installers

#7292 : Resolved conflicts with certain constants when loading modules

#7291 : Resolved 1.8.7 incompatibility with new module loading scheme

#7287 : adobe_flash_otf_font now explains URI truncation

#7282 : Fixed file.rb close paren error

#5800 : Generic ROP chains now supported (see the RopDB blog post)

#4041 : Properly Implemented ROP payloads (basically a dupe of #5800)


How to Upgrade


Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information


PRO 4.4.0 updates to  2012101001

MSF3 4.4.0 updates to 2012101001