This week's release includes 1 exploit module and 0 auxiliary and post-exploitation modules.
- Adobe Flash Player Shader Buffer Overflow by juan vazquez and Unknown exploits CVE-2014-0515
Notable Fixes and Changes
PR #5524: Updated and added Linux support to adobe_flash_pixel_bender_bof exploit PR #5527, Consistently emit log messages as 'exploit/multi/handler '
- PR #5530: Added shell_to_meterpreter improvements PR #5550, Added custom exe_filename to to_exe_vba PR #5538, Enhance ssh_version to use recog library for banners
- Pro: msfpro and msfconsole now launch on Kali Linux without error.
- Pro: Tags can now start with alphanumeric characters, dots, dashes, and underscores.
- Pro: Search improvements have been added to enable to you build advanced, custom queries that automatically filter the results in the Credentials table. To search for credentials, click on the Search field on the Credentials Reuse page or Manage Credentials page to display a drop-down of available search operators. After you select an operator, the search field displays a list of all available keyword options that are available for the operator. You can use as many operators as you need to find an exact credentials match.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.3 updates to 4.11.3-2015062101
MSF3 4.11.3 updates to 4.11.3-2015062101