[41958] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

WMF: New Metasploit Framework Module

daemon@ATHENA.MIT.EDU (H D Moore)
Thu Jan 5 05:27:37 2006

From: H D Moore <sflist@digitaloffense.net>
To: bugtraq@securityfocus.com
Date: Sat, 31 Dec 2005 01:36:20 -0600
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200512310136.21021.sflist@digitaloffense.net>

We just released a new version of the Metasploit Framework exploit module 
for the Escape/SetAbortFunc code execution flaw. This module now pads the 
Escape() call with random WMF records. You may want to double check your 
IDS signatures -- most of the ones I saw today could be easily bypassed 
or will false positive on valid graphic files.

Available via msfupdate, the 2.5 snapshot, or straight from the web site:
http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile

-HD


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41958] in bugtraq

WMF: New Metasploit Framework Module

daemon@ATHENA.MIT.EDU (H D Moore)Thu Jan 5 05:27:37 2006

daemon@ATHENA.MIT.EDU (H D Moore)
Thu Jan 5 05:27:37 2006