This update includes 5 new modules, including exploits for Symantec Endpoint Protection, Total Video Player, and GE Proficy CIMPLICITY. It also contains new auxiliary modules for Linksys WRT120N and Apache Commons.
In addition, this update fixes 1 issue.
- Symantec Endpoint Protection Manager Remote Command Execution by Chris Graham, Stefan Viehbock, and xistence exploits CVE-2013-5015
- Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow by Fr330wn4g3 and Mike Czumak exploits OSVDB-100619
- GE Proficy CIMPLICITY gefebt.exe Remote Code Execution by juan vazquez, Z0mb1E, and amisto0x07 exploits ZDI-14-015
Auxiliary and post modules
- Linksys WRT120N tmUnblock Stack Buffer Overflow by Craig Heffner and Michael Messner exploits OSVDB-103521
- Apache Commons FileUpload and Apache Tomcat DoS by Unknown and ribeirux exploits CVE-2014-0050
Notable Changes and Resolved Issues
- 8481 - Output plaintext creds in a way john can use them
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.8.2-2014030501
MSF3 4.8.2 updates to 4.8.2-2014030501