This update includes 9 new modules, including exploits for Safari, AllPlayer, Windows, HP Data Protector, SolidWorks and Yokogawa CENTUM CS 3000. It also contains new auxiliary modules for Yokogawa CENTUM CS 3000 and MantisBT.
In addition, this update fixes 1 issue.
- Safari User-Assisted Download and Run Attack by joev
- ALLPlayer M3U Buffer Overflow by Gabor Seljan, Mike Czumak, and metacom exploits OSVDB-98283
- Windows Escalate UAC Protection Bypass (In Memory Injection) by Ben Campbell, David Kennedy "ReL1K", mitnick, and mubix
- HP Data Protector Backup Client Service Remote Code Execution by juan vazquez and Aniway.Anyway exploits ZDI-14-008
- SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write by Brendan Coles and Mohamed Shetta exploits OSVDB-103671
- Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow by juan vazquez and Redsadic
- Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow by juan vazquez and Redsadic
Auxiliary and post modules
- Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow by juan vazquez and Redsadic
- MantisBT Admin SQL Injection Arbitrary File Read by Brandon Perry and Jakub Galczyk exploits CVE-2014-2238
Notable Changes and Resolved Issues
- 8771 - Fix osx/x64/exec payload on OSX Mavericks
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.8.2-2014031201
MSF3 4.8.2 updates to 4.8.2-2014031201