This update includes 6 new modules, including exploits for GestioIP, ClipBucket, FlashChat, Siemens Solid Edge and HP LoadRunner. It also includes a new auxiliary module for Sentry Switched CDU.
In addition, this update fixes 5 reported issues.
- GestioIP Remote Command Execution by bperry
- ClipBucket Remote Code Execution by Gabby and xistence
- FlashChat Arbitrary File Upload by Brendan Coles and x-hayben21
- Siemens Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution by juan vazquez and rgod exploits OSVDB-93696
- HP LoadRunner magentproc.exe Overflow by juan vazquez and Unknown exploits CVE-2013-4800
Auxiliary and post modules
- Sentry Switched CDU Bruteforce Login Utility by Karn Ganeshen
Notable Changes and Resolved Issues
- 8304 - Fix UDPSweep modules (including IPMI modules) on Windows
- 8434 - Add ROP chains for Office 2007 and Office 2010
- 8443 - Fix bug in ha_operations_agent_coda_34 and hp_operations_agent_coda_8c on slow networks
- 8446 - Fix error when running auxiliary/gather/dns_info
- 8454 - Allow dynamic size for some ROP chains in RopDB
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.1 updates to 4.7.1-2013100901
MSF3 4.7.1 updates to 4.7.1-2013100901