[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WMF: New Metasploit Framework Module

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] WMF: New Metasploit Framework Module
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Sat, 31 Dec 2005 01:35:16 -0600

We just released a new version of the Metasploit Framework exploit module 
for the Escape/SetAbortFunc code execution flaw. This module now pads the 
Escape() call with random WMF records. You may want to double check your 
IDS signatures -- most of the ones I saw today could be easily bypassed 
or will false positive on valid graphic files.

Available via msfupdate, the 2.5 snapshot, or straight from the web site:
http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile

-HD
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Xanga Hit By Script Worm?
Previous by thread: [Full-disclosure] Xanga Hit By Script Worm?
Index(es):
- Date
- Thread