This update includes 6 new modules, including exploits for Dexter (CasinoLoader), MediaWiki, Oracle Forms and Reports, Audiotran PLS, and Easy CD-DA Recorder. It also contains a new post module for Windows.
In addition, this update fixes 2 issues.
- Dexter (CasinoLoader) SQL Injection by bwall (Brian Wallace)
- MediaWiki Thumb.php Remote Command Execution by Ben Campbell, Ben Harris, Brandon Perry, and Netanel Rubin exploits CVE-2014-1610
- Oracle Forms and Reports Remote Code Execution by Mekanismen and miss_sudo exploits CVE-2012-3153
- Audiotran PLS File Stack Buffer Overflow by Philip OKeefe
- Easy CD-DA Recorder PLS Buffer Overflow by juan vazquez, Gabor Seljan, and chap0 exploits CVE-2010-2343
Auxiliary and post modules
- Windows Gather Active Directory Service Principal Names by Ben Campbell and Scott Sutherland
Notable Changes and Resolved Issues
- 8763 - Allow the attacker to interact with the target (human) via a webcam
- 8765 - enum_ad_user_comments Uninitialized Constants
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.8.2-2014021901
MSF3 4.8.2 updates to 4.8.2-2014021901