WMF: New Metasploit Framework Module

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: WMF: New Metasploit Framework Module
From: H D Moore <sflist@xxxxxxxxxxxxxxxxxx>
Date: Sat, 31 Dec 2005 01:36:20 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: KMail/1.9

We just released a new version of the Metasploit Framework exploit module 
for the Escape/SetAbortFunc code execution flaw. This module now pads the 
Escape() call with random WMF records. You may want to double check your 
IDS signatures -- most of the ones I saw today could be easily bypassed 
or will false positive on valid graphic files.

Available via msfupdate, the 2.5 snapshot, or straight from the web site:
http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile

-HD

Prev by Date: Mapping and Remote manipulation of databases
Next by Date: Re: WTF??
Previous by thread: Mapping and Remote manipulation of databases
Next by thread: iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability
Index(es):
- Date
- Thread