This update includes nine new modules, including exploits for Microsoft Windows, Apache ActiveMQ, AjaXplorer, Project Pier, and KeyHelp.
In addition, this update fixes four reported issues.
- Novell ZENworks Asset Management 7.5 Remote File Access by juan vazquez exploits CVE-2012-4933
- Novell ZENworks Asset Management 7.5 Configuration Access by juan vazquez exploits CVE-2012-4933
- AjaXplorer checkInstall.php Remote Command Execution by sinn3r, David Maciejak, and Julien Cayssol exploits OSVDB-63552
- Project Pier Arbitrary File Upload Vulnerability by sinn3r and BlackHawk exploits OSVDB-85881
- KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability by juan vazquez and rgod exploits ZDI-12-169
- Windows Escalate Service Permissions Local Privilege Escalation by scriptjunkie
Auxiliary and Post modules
- Apache ActiveMQ JSP files Source Disclosure by juan vazquez and Veerendra G.G exploits CVE-2010-1587
- Apache ActiveMQ Directory Traversal by juan vazquez and AbdulAziz Hariri
- Safe Delete Meterpreter Module by Borja Merino
#7324 : arp_scanner and ping_sweep performance regression fixed
#7300 : Created a mixin for PHP EXE type exploits
#7280 : Resolved a missing asset error for campaigns with web components
#7361 : Resolved a missing asset error for global settings (introduced in 2012101701)
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012101702
MSF3 4.4.0 updates to 2012101702