This update includes 9 new exploits for Raidsonic NAS Devices, GLPI, Western Digital Arkeia, OpenEMR, CA BrightStor, Internet Explorer, A-PDF, Microsoft Windows and PCMAN FTP Server.
In addition, this update fixes 3 issues.
- Raidsonic NAS Devices Unauthenticated Remote Command Execution by juan vazquez and Michael Messner exploits OSVDB-90221
- GLPI install.php Remote Command Execution by Tristan Leiter exploits CVE-2013-5696
- Western Digital Arkeia Remote Code Execution by xistence
- OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution by xistence exploits OSVDB-97482
- CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow by MC exploits OSVDB-68330
- MS13-069 Microsoft Internet Explorer CCaret Use-After-Free by sinn3r and corelanc0d3r exploits MS13-069
- A-PDF WAV to MP3 v1.0.0 Buffer Overflow by Dr_IDE, d4rk-h4ck3r, and dookie exploits OSVDB-67241
- MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution by juan vazquez and Eduardo Prado exploits MS13-071
- PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow by Christian (Polunchis) Ramirez and Rick (nanotechz9l) Flores exploits OSVDB-94624
Notable Changes and Resolved Issues
- 8364 - Fix sniffer in 64-bit meterpreter
- Fix an issue that sometimes prevented migrating meterpreter from a 32-bit to a 64-bit process
- Remove duplicate services and vulns when importing data from Foundstone MVM
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.0 updates to 4.7.0-2013092501
MSF3 4.7.0 updates to 4.7.0-2013092501