The StateToOptions function in msfweb in Metasploit Framework 2.4 and previous versions, when running with the -D option (defanged mode), allows malicious users to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
metasploit metasploit framework 2.0 |
||
metasploit metasploit framework 2.1 |
||
metasploit metasploit framework 2.2 |
||
metasploit metasploit framework 2.3 |
||
metasploit metasploit framework 2.4 |