This update includes 4 new modules, including exploits for vTiger CRM, IBM Forms Viewer and IcoFX. It also contains a new post module for Windows.
In addition, this update fixes 3 issues.
- vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload by juan vazquez and Egidio Romano exploits CVE-2013-3215
- IBM Forms Viewer Unicode Buffer Overflow by juan vazquez and rgod exploits ZDI-13-274
- IcoFX Stack Buffer Overflow by juan vazquez and Marcos Accossatto exploits CVE-2013-4988
Auxiliary and post modules
- Windows Manage Driver Loader by Borja Merino
Notable Changes and Resolved Issues
- 8723 - Rspec fails on Msf::Util::EXE due to magic file
- 8726 - Multi/handler with reverse_https over NAT
- 8729 - Add video live streaming ability
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.8.2-2014010801
MSF3 4.8.2 updates to 4.8.2-2014010801