This update includes 9 new modules, including exploits for Splunk, Nagios, Maxthon3, FreeFloat FTP Server and IBM System Director.
In addition, this update fixes bugs 7223, 7592 and 7593.
- PostgreSQL for Linux Payload Execution by egyp7, todb, and midnitesnake
- Splunk 5.0 Custom App Remote Code Execution by sinn3r, juan vazquez, and marcwickenden
- Nagios XI Network Monitor Graph Explorer Component Command Injection by sinn3r and Daniel Compton exploits OSVDB-83552
- Maxthon3 about:history XCS Trusted Zone Code Execution by sinn3r, juan vazquez, and Roberto Suggi Liverani
- FreeFloat FTP Server Arbitrary File Upload by sinn3r and juan vazquez exploits OSVDB-88303
- HP Data Protector DtbClsLogin Buffer Overflow by juan vazquez and AbdulAziz Hariri exploits ZDI-10-174
- IBM System Director Agent DLL Injection by juan vazquez, Bernhard Mueller, and kingcope exploits CVE-2009-0880/
Auxiliary and Post modules
- Symantec Messaging Gateway 9.5 Log File Download Vulnerability by sinn3r and Ben Williams exploits CVE-2012-4347
- Steam client session Collector. by Nikolai Rusakov
7223 Meterpreter can kill session with -h option
7592 Remove extra / from URI in Windows download_exec payload
7593 Undefined method in adobe_flash_otf_font module
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.0 updates to 2012121201
MSF3 4.5.0 updates to 2012121201