This update adds 8 new modules, among them exploits for eScan, Sophos, Vtiger and Microsoft Word, as well as new modules for OpenSSL, Firefox and Windows.
- eScan Web Management Console Command Injection by juan vazquez and Joxean Koret
- Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution by Brandon Perry exploits ZDI-14-069
- Vtiger Install Unauthenticated Remote Command Execution by Jonathan Borgeaud exploits CVE-2014-2268
- MS14-017 Microsoft Word RTF Object Confusion by Haifei Li, Spencer McIntyre, and unknown exploits CVE-2014-1761
Auxiliary and post modules
- OpenSSL Heartbeat (Heartbleed) Client Memory Exposure by hdm, Antti, Matti, Neel Mehta, and Riku exploits CVE-2014-0160
- Windows Gather Enumerate Active Domain Users by Ben Campbell and Etienne Stalmans
Notable Changes and Resolved Issues
- Locations undefined for SE report webpage preview generation
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.